CVE-2018-8975
Published: 25 March 2018
The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonstrated by pbmmask.
Notes
Author | Note |
---|---|
debian | Vulnerable code not present, Debian uses an unaffected fork |
Priority
CVSS 3 base score: 5.5
Status
Package | Release | Status |
---|---|---|
netpbm-free Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
xenial |
Not vulnerable
(code not present)
|
|
artful |
Not vulnerable
(code not present)
|