CVE-2018-8975

Published: 25 March 2018

The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonstrated by pbmmask.

Notes

Author: debian
Note: Vulnerable code not present, Debian uses an unaffected fork

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: netpbm-free (Launchpad, Ubuntu, Debian)

Release Status
artful Not vulnerable (code not present)
precise Does not exist
trusty Does not exist (trusty was not-affected [code not present])
upstream Needs triage
xenial Not vulnerable (code not present)