openSUSE Security Update : netpbm (openSUSE-2017-742)

Medium Nessus Plugin ID 101135


The remote openSUSE host is missing a security update.


This update for netpbm fixes the following issues:

Security bugs:

- CVE-2017-2586: A NULL pointer dereference in the stringToUint function could lead to a denial of service (abort) when processing malformed images.

- CVE-2017-2581: An out-of-bounds write in writeRasterPbm() could be used by attackers to crash the decoder or potentially execute code. [bsc#1024287]

- CVE-2017-2587: An insufficient size check on a memory allocation in the createCanvas() function could be used for a denial of service attack (memory exhaustion). [bsc#1024294]

This update was imported from the SUSE:SLE-12:Update update project.


Update the affected netpbm packages.

Plugin Details

Severity: Medium

ID: 101135

File Name: openSUSE-2017-742.nasl

Version: $Revision: 3.1 $

Type: local

Agent: unix

Published: 2017/06/30

Modified: 2017/06/30

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libnetpbm-devel, p-cpe:/a:novell:opensuse:libnetpbm11, p-cpe:/a:novell:opensuse:libnetpbm11-32bit, p-cpe:/a:novell:opensuse:libnetpbm11-debuginfo, p-cpe:/a:novell:opensuse:libnetpbm11-debuginfo-32bit, p-cpe:/a:novell:opensuse:netpbm, p-cpe:/a:novell:opensuse:netpbm-debuginfo, p-cpe:/a:novell:opensuse:netpbm-debugsource, cpe:/o:novell:opensuse:42.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2017/06/26

Reference Information

CVE: CVE-2017-2581, CVE-2017-2586, CVE-2017-2587