Bug 22945

Summary: CVE-2009-4274 netpbm: Stack-based buffer overflow by processing X PixMap image
Product: Sisyphus
Reporter: Dmitry V. Levin <ldv>
Component: netpbm
Assignee: Vladimir Lettiev <crux>
Status: CLOSED FIXED
QA Contact: qa-sisyphus
Severity: blocker
Priority: P3
CC: crux
Version: unstable
Keywords: security
Hardware: all
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=546580

Description Dmitry V. Levin 2010-02-11 17:55:10 MSK
Marc Schoenefeld found a stack-based buffer overflow in the way netpbm graphics file formats handling library used to process content of header fields of the X PixMap (XPM) image file.  A remote attacker could provide a specially-crafted XPM image file and trick the local user into processing it, which would lead to denial of service (crash of application using the netpbm library) or, potentially, to execution of arbitrary code with the privileges of that application.

Comment 1 Vladimir Lettiev 2010-02-13 22:23:29 MSK
I have prepared a fix for Sisyphus:
http://git.altlinux.org/people/crux/packages/?p=netpbm.git;a=summary
A fix for the branches can also be prepared (there is an example in the M51 branch).

If there are no objections, it can be sent for building.

Comment 2 Vladimir Lettiev 2010-03-02 22:38:53 MSK
fixed in 10.35.73-alt1