CVE-2008-4799

pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
netpbmnetpbm
𝑥
≤ 10.35.47
netpbmnetpbm
8.1
netpbmnetpbm
8.2
netpbmnetpbm
8.3
netpbmnetpbm
8.4
netpbmnetpbm
9.0
netpbmnetpbm
9.1
netpbmnetpbm
9.2
netpbmnetpbm
9.3
netpbmnetpbm
9.4
netpbmnetpbm
9.5
netpbmnetpbm
9.6
netpbmnetpbm
9.7
netpbmnetpbm
9.8
netpbmnetpbm
9.9
netpbmnetpbm
9.10
netpbmnetpbm
9.11
netpbmnetpbm
9.12
netpbmnetpbm
9.13
netpbmnetpbm
9.14
netpbmnetpbm
9.15
netpbmnetpbm
9.16
netpbmnetpbm
9.17
netpbmnetpbm
9.18
netpbmnetpbm
9.19
netpbmnetpbm
9.20
netpbmnetpbm
9.21
netpbmnetpbm
9.22
netpbmnetpbm
9.23
netpbmnetpbm
9.24
netpbmnetpbm
9.25
netpbmnetpbm
10.0
netpbmnetpbm
10.1
netpbmnetpbm
10.2
netpbmnetpbm
10.3
netpbmnetpbm
10.4
netpbmnetpbm
10.5
netpbmnetpbm
10.6
netpbmnetpbm
10.7
netpbmnetpbm
10.8
netpbmnetpbm
10.9
netpbmnetpbm
10.10
netpbmnetpbm
10.12
netpbmnetpbm
10.13
netpbmnetpbm
10.14
netpbmnetpbm
10.15
netpbmnetpbm
10.16
netpbmnetpbm
10.17
netpbmnetpbm
10.18
netpbmnetpbm
10.19
netpbmnetpbm
10.20
netpbmnetpbm
10.21
netpbmnetpbm
10.22
netpbmnetpbm
10.23
netpbmnetpbm
10.24
netpbmnetpbm
10.25
netpbmnetpbm
10.26
netpbmnetpbm
10.27
netpbmnetpbm
10.28
netpbmnetpbm
10.29
netpbmnetpbm
10.30
netpbmnetpbm
10.31
netpbmnetpbm
10.32
netpbmnetpbm
10.33
netpbmnetpbm
10.34
netpbmnetpbm
10.35.00
netpbmnetpbm
10.35.01
netpbmnetpbm
10.35.02
netpbmnetpbm
10.35.03
netpbmnetpbm
10.35.04
netpbmnetpbm
10.35.05
netpbmnetpbm
10.35.06
netpbmnetpbm
10.35.07
netpbmnetpbm
10.35.08
netpbmnetpbm
10.35.09
netpbmnetpbm
10.35.10
netpbmnetpbm
10.35.11
netpbmnetpbm
10.35.12
netpbmnetpbm
10.35.13
netpbmnetpbm
10.35.14
netpbmnetpbm
10.35.15
netpbmnetpbm
10.35.16
netpbmnetpbm
10.35.17
netpbmnetpbm
10.35.18
netpbmnetpbm
10.35.19
netpbmnetpbm
10.35.20
netpbmnetpbm
10.35.21
netpbmnetpbm
10.35.22
netpbmnetpbm
10.35.23
netpbmnetpbm
10.35.24
netpbmnetpbm
10.35.25
netpbmnetpbm
10.35.26
netpbmnetpbm
10.35.27
netpbmnetpbm
10.35.28
netpbmnetpbm
10.35.29
netpbmnetpbm
10.35.30
netpbmnetpbm
10.35.31
netpbmnetpbm
10.35.32
netpbmnetpbm
10.35.33
netpbmnetpbm
10.35.34
netpbmnetpbm
10.35.35
netpbmnetpbm
10.35.36
netpbmnetpbm
10.35.37
netpbmnetpbm
10.35.38
netpbmnetpbm
10.35.39
netpbmnetpbm
10.35.40
netpbmnetpbm
10.35.41
netpbmnetpbm
10.35.42
netpbmnetpbm
10.35.43
netpbmnetpbm
10.35.44
netpbmnetpbm
10.35.45
netpbmnetpbm
10.35.46
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
netpbm-free
bullseye
2:10.0-15.4
fixed
bookworm
2:11.01.00-2
fixed
sid
2:11.08.01-1
fixed
trixie
2:11.08.01-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
netpbm-free
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY
http://www.openwall.com/lists/oss-security/2008/10/22/7
http://www.openwall.com/lists/oss-security/2008/10/23/2
http://www.securityfocus.com/bid/31871
https://exchange.xforce.ibmcloud.com/vulnerabilities/46054
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00058.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00069.html
http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY
http://www.openwall.com/lists/oss-security/2008/10/22/7
http://www.openwall.com/lists/oss-security/2008/10/23/2
http://www.securityfocus.com/bid/31871
https://exchange.xforce.ibmcloud.com/vulnerabilities/46054
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00058.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00069.html