CVE-2005-2978
netpbm-free - buffer overflow
EPSS 4.6%
Description
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
How to fix CVE-2005-2978
To remediate CVE-2005-2978, upgrade the affected package to a fixed version below.
- Debian/netpbm-free—upgrade to 2:10.0-10 or later
- Debian/netpbm-free—upgrade to 2:10.0-8sarge1 or later
Is CVE-2005-2978 being exploited?
Low — EPSS is 4.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/netpbm-free: from 0, < 2:10.0-10
- Debian/netpbm-free: from 0, < 2:10.0-8sarge1