CVE-2005-3662

Description

Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors.

How to fix CVE-2005-3662

To remediate CVE-2005-3662, upgrade the affected package to a fixed version below.

• Debian/netpbm-free—upgrade to 2:10.0-10.1 or later

Is CVE-2005-3662 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2:10.0-10.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2005-3662