• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability

The pnmtopng utility is prone to a buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This issue reportedly occurs only when the '-alpha' command-line option is used.

This issue allows attackers to create malicious PNM files that, when parsed by the affected utility, allow arbitrary machine code to be executed. This occurs in the context of the user running the affected utility.