NetPBM PNMToPNG Long Text Line Buffer Overflow Vulnerability
Netpbm 'pnmtopng' is susceptible to a buffer-overflow vulnerability. The utility fails to perform proper bounds checks on user-supplied data before copying it into an insufficiently sized memory buffer. This issue reportedly occurs only when the '-text' command-line option is used. Attackers can exploit it by creating malicious PNM files that, when parsed by the affected utility, allow arbitrary machine code to be executed in the context of the user running the utility. This vulnerability was reported in versions 9.20 and 10.0 of Netpbm. Other versions may also be affected.
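
The missing check described above, shown as an added example that is not Netpbm's own code: a line reader that copies text lines into a fixed-size buffer without ever writing past it, and reports overlong lines so the caller can reject the input. The names read_line_bounded, count_overlong_lines and LINE_CAP are hypothetical, and the input is assumed to be already loaded into memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_CAP 16  /* hypothetical fixed buffer size, kept small for the demo */

/* Copy one '\n'-terminated line from src[*pos..len) into dst (capacity cap).
 * Never writes more than cap bytes, always NUL-terminates, and consumes the
 * whole source line even when it does not fit.
 * Returns 1 if a line was read, 0 at end of input; *truncated is set to 1
 * when bytes had to be dropped. */
static int read_line_bounded(const char *src, size_t len, size_t *pos,
                             char *dst, size_t cap, int *truncated)
{
    size_t n = 0;
    *truncated = 0;
    if (cap == 0 || *pos >= len)
        return 0;
    while (*pos < len && src[*pos] != '\n') {
        if (n + 1 < cap)          /* keep one byte for the terminator */
            dst[n++] = src[*pos];
        else
            *truncated = 1;       /* overlong: drop the byte, do not write */
        (*pos)++;
    }
    if (*pos < len)
        (*pos)++;                 /* step over the newline */
    dst[n] = '\0';
    return 1;
}

/* Count lines that exceed the buffer; a caller could refuse such a file. */
static int count_overlong_lines(const char *text)
{
    char line[LINE_CAP];
    size_t pos = 0, len = strlen(text);
    int truncated, overlong = 0;
    while (read_line_bounded(text, len, &pos, line, sizeof line, &truncated))
        overlong += truncated;
    return overlong;
}

int main(void)
{
    /* Constructed sample input: three text lines, the second is overlong. */
    const char *sample =
        "Title demo\nComment AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAuthor x\n";
    printf("overlong lines: %d\n", count_overlong_lines(sample));
    return 0;
}
```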