{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-02-09T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2011:1811", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076"}, {"name": "ADV-2010-0358", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0358"}, {"name": "38530", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38530"}, {"name": "[oss-security] 20100209 vulnerability in netpbm (CVE-2009-4274)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/02/09/11"}, {"name": "ADV-2010-0780", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0780"}, {"name": "netpbm-xpm-bo(56207)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56207"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546580"}, {"name": "SUSE-SR:2010:006", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"}, {"name": "DSA-2026", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2026"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup"}, {"name": "38915", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38915"}, {"name": "38164", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38164"}, {"name": "MDVSA-2010:039", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:039"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:54:10.362Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2011:1811", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076"}, {"name": "ADV-2010-0358", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0358"}, {"name": "38530", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38530"}, {"name": "[oss-security] 20100209 vulnerability in netpbm (CVE-2009-4274)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/02/09/11"}, {"name": "ADV-2010-0780", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0780"}, {"name": "netpbm-xpm-bo(56207)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56207"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546580"}, {"name": "SUSE-SR:2010:006", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"}, {"name": "DSA-2026", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2026"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup"}, {"name": "38915", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38915"}, {"name": "38164", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38164"}, {"name": "MDVSA-2010:039", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:039"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-4274", "datePublished": "2010-02-12T21:00:00", "dateReserved": "2009-12-10T00:00:00", "dateUpdated": "2024-08-07T06:54:10.362Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netpbm:netpbm:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "F79F02C3-950F-4D47-971A-3C1367F1642C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "0344253A-AF59-499B-81DF-5494A34B115F", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7297482-7D30-484A-8F8D-AFEA2E468725", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "93BA3D19-C291-468E-9E4E-E8374AE1BD32", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "85CF9240-FAEE-4BA2-8374-8B81F738521A", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "45457716-9219-4A88-A824-B45FA16643D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.6:*:*:*:*:*:*:*", "matchCriteriaId": "93A0526D-918E-4FAE-90AF-2BA49F9D5276", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.7:*:*:*:*:*:*:*", "matchCriteriaId": "7AD350ED-1327-483A-BF73-02AB9924EDED", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.8:*:*:*:*:*:*:*", "matchCriteriaId": "98C11849-BCD4-4982-A779-435669BD668F", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.9:*:*:*:*:*:*:*", "matchCriteriaId": "C94984E9-22EE-4B24-AFCB-52137A871117", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "23B10069-89E1-4E63-BCFF-C210CE3C5655", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.11:*:*:*:*:*:*:*", "matchCriteriaId": "EC42B061-EB8E-49B4-B041-42B31672C42D", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.12:*:*:*:*:*:*:*", "matchCriteriaId": "DFAE142A-4F71-4452-8DAD-9D6BA11EBF4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.13:*:*:*:*:*:*:*", "matchCriteriaId": "179366EE-D637-4345-8759-81D5E12EFFA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.14:*:*:*:*:*:*:*", "matchCriteriaId": "725CFC44-43C8-47FF-9935-FA006B6338FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.15:*:*:*:*:*:*:*", "matchCriteriaId": "3A331F93-08C2-4F45-98AD-46DBE38A9785", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.16:*:*:*:*:*:*:*", "matchCriteriaId": "FEFB0157-CF91-4FCB-8786-4024595B3EE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.17:*:*:*:*:*:*:*", "matchCriteriaId": "92045C29-20B4-46D0-9643-491BB0642D12", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.18:*:*:*:*:*:*:*", "matchCriteriaId": "148A51ED-1A00-45D3-934E-96CA2759F5A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.19:*:*:*:*:*:*:*", "matchCriteriaId": "77BE0692-E688-4438-98C7-FA1FCE05F41C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.20:*:*:*:*:*:*:*", "matchCriteriaId": "1904CB89-F576-4DFF-9639-9263D0ADE0B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.21:*:*:*:*:*:*:*", "matchCriteriaId": "50D11F39-3B4F-43E4-AC5E-E1B5931BCBB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.22:*:*:*:*:*:*:*", "matchCriteriaId": "97023E9B-520D-4E6F-BA7F-052BA89BF2E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.23:*:*:*:*:*:*:*", "matchCriteriaId": "93A152B4-8483-4874-88C0-4679831BB60E", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.24:*:*:*:*:*:*:*", "matchCriteriaId": "9BBAE4A7-B0E1-4E50-8775-CAEF3E49B7EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.25:*:*:*:*:*:*:*", "matchCriteriaId": "CDE78BA1-4001-4676-8BCB-FBC081A5D733", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.26:*:*:*:*:*:*:*", "matchCriteriaId": "FF606C17-AD8A-4D81-AB55-50B0C4B7763F", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.27:*:*:*:*:*:*:*", "matchCriteriaId": "906047FD-1D75-4F97-977D-2A22A1DC87B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.28:*:*:*:*:*:*:*", "matchCriteriaId": "2DA92693-6629-4A8D-9C54-418569C852F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.29:*:*:*:*:*:*:*", "matchCriteriaId": "F078E1C6-3FB7-415B-A49A-455BE55148B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.30:*:*:*:*:*:*:*", "matchCriteriaId": "9F97984A-04F4-4F69-B03B-D06FD0F21EE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.31:*:*:*:*:*:*:*", "matchCriteriaId": "53FB010A-9B82-41F9-9DDB-4DCC0BFA0365", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.32:*:*:*:*:*:*:*", "matchCriteriaId": "07292430-0952-4E40-9012-1DD5709D2F9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.33:*:*:*:*:*:*:*", "matchCriteriaId": "019C4B30-4F04-4068-80B1-884F9607EC3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.34:*:*:*:*:*:*:*", "matchCriteriaId": "F74038FE-C361-415B-AC47-744D3792E707", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.00:*:*:*:*:*:*:*", "matchCriteriaId": "7A6B8C20-2603-4BC6-A9C5-363E45B86492", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.01:*:*:*:*:*:*:*", "matchCriteriaId": "16998237-B53D-4E6C-B2E7-3C17BE483780", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.02:*:*:*:*:*:*:*", "matchCriteriaId": "4998E602-7E72-4ED9-806F-2DF117827F24", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.03:*:*:*:*:*:*:*", "matchCriteriaId": "5A01D9E5-14BD-416D-8363-278FBA991BE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.04:*:*:*:*:*:*:*", "matchCriteriaId": "59B55BD5-0E1C-4A13-965C-BAFBE480C384", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.05:*:*:*:*:*:*:*", "matchCriteriaId": "EC498C66-4E32-4E4B-9BB0-3943CB963BC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.06:*:*:*:*:*:*:*", "matchCriteriaId": "FF4F989C-B9AF-4A0D-A39E-A9405E38229F", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.07:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC7D4D-09B1-4063-9FE8-F88032B91FA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.08:*:*:*:*:*:*:*", "matchCriteriaId": "BEF8AB55-8A95-47CD-960A-E9A920632B51", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.09:*:*:*:*:*:*:*", "matchCriteriaId": "FB45C9DA-9503-4F5C-8079-0C47E778EAB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.10:*:*:*:*:*:*:*", "matchCriteriaId": "3B1D6ABC-D56F-4484-90D0-45CD3E7B682C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.11:*:*:*:*:*:*:*", "matchCriteriaId": "B48121BF-EDA1-4EAD-B24B-7BAF6668D4BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.12:*:*:*:*:*:*:*", "matchCriteriaId": "9E079966-8423-4638-8A55-BC9F2412D4E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.13:*:*:*:*:*:*:*", "matchCriteriaId": "0BE5E653-3B78-4DCE-9FE8-1126FC18D8B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.14:*:*:*:*:*:*:*", "matchCriteriaId": "D339F6D7-9E9A-46C2-9823-E534F3BEBDC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.15:*:*:*:*:*:*:*", "matchCriteriaId": "A829E428-77AA-4B8F-B4E6-BB89F0054F20", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.16:*:*:*:*:*:*:*", "matchCriteriaId": "A6470755-BE74-49FB-B4C7-6869FB33A096", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.17:*:*:*:*:*:*:*", "matchCriteriaId": "7FEFA0BB-1542-4A88-BC95-A60AAEF90D5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.18:*:*:*:*:*:*:*", "matchCriteriaId": "090C90E2-D688-44C2-88D7-E40F7D919FA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.19:*:*:*:*:*:*:*", "matchCriteriaId": "675512A2-6E2A-46BA-9237-114B4EA6248F", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.20:*:*:*:*:*:*:*", "matchCriteriaId": "185FF47F-321E-4D26-893D-BB4F4B532670", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.21:*:*:*:*:*:*:*", "matchCriteriaId": "B402DB46-6103-4428-B6BF-9263D9270EE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.22:*:*:*:*:*:*:*", "matchCriteriaId": "599D4BAC-1266-4A30-A4C5-4BA13EC47F62", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.23:*:*:*:*:*:*:*", "matchCriteriaId": "23241E2B-21B9-4C97-B865-5C3652C27401", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.24:*:*:*:*:*:*:*", "matchCriteriaId": "B4A40DC0-AE35-4597-8A55-D5022289435E", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.25:*:*:*:*:*:*:*", "matchCriteriaId": "C12B85A1-5607-4037-A362-0270EF710514", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.26:*:*:*:*:*:*:*", "matchCriteriaId": "03B39A1A-DC18-413E-A869-9D6C7C77BF8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.27:*:*:*:*:*:*:*", "matchCriteriaId": "4F62F30D-F8D9-4B47-9CFC-8F54B3F589C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.28:*:*:*:*:*:*:*", "matchCriteriaId": "89B0ACB2-FE13-4145-8EAE-9D6FB7FEDD60", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.29:*:*:*:*:*:*:*", "matchCriteriaId": "0253F8B8-346C-40F0-9225-4593EAF39861", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.30:*:*:*:*:*:*:*", "matchCriteriaId": "2411D682-BEB2-41E0-B211-4E8EA0E551C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.31:*:*:*:*:*:*:*", "matchCriteriaId": "97036446-8A06-4AB6-842B-2186A88FBB1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.32:*:*:*:*:*:*:*", "matchCriteriaId": "FC9F56AC-906E-4713-83ED-79A8673F59BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.33:*:*:*:*:*:*:*", "matchCriteriaId": "A77A17C7-C323-4182-A099-BB3E92BF12D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.34:*:*:*:*:*:*:*", "matchCriteriaId": "82DB51EA-A050-417A-8603-97BD33ACB9B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.35:*:*:*:*:*:*:*", "matchCriteriaId": "48468D84-76E9-476D-8470-3950C8281118", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.36:*:*:*:*:*:*:*", "matchCriteriaId": "7472AD57-68B3-43BE-95D4-F21D39708A4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.37:*:*:*:*:*:*:*", "matchCriteriaId": "DAA0C21F-DB95-43D9-B7B2-B076043828E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.38:*:*:*:*:*:*:*", "matchCriteriaId": "3658F6EA-E897-4A24-AD82-F3EBD4567D27", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.39:*:*:*:*:*:*:*", "matchCriteriaId": "F887C654-43D9-4374-88D8-DCA800B7F449", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.40:*:*:*:*:*:*:*", "matchCriteriaId": "34001491-58AD-4F6C-9159-C27671EA1574", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.41:*:*:*:*:*:*:*", "matchCriteriaId": "347D3197-1915-4417-B72D-0C23BEFBAA32", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.42:*:*:*:*:*:*:*", "matchCriteriaId": "0256E7B3-E119-41A4-B49D-4C08D364C22C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.43:*:*:*:*:*:*:*", "matchCriteriaId": "2EA3DD4D-28E0-4266-9024-A4DFF832512E", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.44:*:*:*:*:*:*:*", "matchCriteriaId": "02FAFCFB-0D3F-4906-ADCE-BF7F06167692", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.45:*:*:*:*:*:*:*", "matchCriteriaId": "EB184F25-C4ED-4655-B79D-6B00E22F9097", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.46:*:*:*:*:*:*:*", "matchCriteriaId": "43FC34D4-576B-46D6-B13C-EE17C0A5AAE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.47:*:*:*:*:*:*:*", "matchCriteriaId": "0618AF8A-0927-45CC-8BF5-93B1083B8147", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.36.00:*:*:*:*:*:*:*", "matchCriteriaId": "4A715086-7459-4E99-8936-49F77323D17C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.37.00:*:*:*:*:*:*:*", "matchCriteriaId": "979690E7-827E-4131-A3CD-235340A2FC2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.38.00:*:*:*:*:*:*:*", "matchCriteriaId": "AD21B69B-5500-4130-9603-F46998AC7D96", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.39.00:*:*:*:*:*:*:*", "matchCriteriaId": "0E222667-1825-4377-AD6E-5C88979CD5A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.40.00:*:*:*:*:*:*:*", "matchCriteriaId": "AFA2DCC3-007C-4EA4-BD2B-18C776D3CBAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.41.00:*:*:*:*:*:*:*", "matchCriteriaId": "B5A9A4DD-FCE5-4585-97A5-F91120F9F2D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.42.00:*:*:*:*:*:*:*", "matchCriteriaId": "9A8E6AAC-2DFD-4E6F-BAFA-FC002E7FBF78", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.43.00:*:*:*:*:*:*:*", "matchCriteriaId": "9C739F6A-7DA4-4069-827D-B78DA08E4C12", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.44.00:*:*:*:*:*:*:*", "matchCriteriaId": "04BE3C40-8066-4C41-A566-F89236D5F112", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.45.00:*:*:*:*:*:*:*", "matchCriteriaId": "A66AB52D-ECF8-4D0E-906F-7FA1AC41CD84", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.46.00:*:*:*:*:*:*:*", "matchCriteriaId": "C11B4771-81FF-4FA4-AB56-0BD51AFF10D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.00:*:*:*:*:*:*:*", "matchCriteriaId": "B15E831F-F5FB-487F-9359-A7188C2206BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.01:*:*:*:*:*:*:*", "matchCriteriaId": "756FB7A1-2FD3-40A6-B992-5D5FF0E6A736", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.02:*:*:*:*:*:*:*", "matchCriteriaId": "51CEA68F-46F0-4795-9839-D961FC1A394F", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.03:*:*:*:*:*:*:*", "matchCriteriaId": "0A6F7C0A-FF13-4C64-B9D3-5E71FCF87813", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.04:*:*:*:*:*:*:*", "matchCriteriaId": "B20DFC28-0489-404A-8783-DCA6157EACCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.05:*:*:*:*:*:*:*", "matchCriteriaId": "533419D8-A51D-4C51-A898-7E9068722FD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.06:*:*:*:*:*:*:*", "matchCriteriaId": "E141EBC6-830D-4ADD-8D03-DB528FF3E117", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en converter/ppm/xpmtoppm.c en netpbm anterior a v10.47.07, permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio(ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo de imagen XPM que contiene un campo de cabecera (header) manipulado asociado con un valor alto del \u00edndice de color."}], "id": "CVE-2009-4274", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-12T21:30:00.533", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"}, {"source": "secalert@redhat.com", "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076"}, {"source": "secalert@redhat.com", "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/38530"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/38915"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2026"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:039"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/02/09/11"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/38164"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0358"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0780"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546580"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38530"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38915"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2026"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/02/09/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38164"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0358"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56207"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4274\n\nThe Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/", "lastModified": "2010-02-17T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:1811", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "netpbm-0:10.35.58-8.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2011-12-12T00:00:00Z"}, {"advisory": "RHSA-2011:1811", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "netpbm-0:10.35.58-8.el5_7.3", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2011-12-12T00:00:00Z"}], "bugzilla": {"description": "netpbm: Stack-based buffer overflow by processing X PixMap image header fields", "id": "546580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546580"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-121", "details": ["Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value."], "name": "CVE-2009-4274", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "netpbm", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2010-02-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-4274\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-4274"], "threat_severity": "Moderate"}