Gentoo Linux Security Advisory 201311-8 - A vulnerability in Netpbm could result in execution of arbitrary code or Denial of Service. Versions less than 10.49.00 are affected.
ea8452d7a1cee55fb0d6a0685cf72c7fe00baa2d82e6e1e8656247eb497acac8
Red Hat Security Advisory 2011-1811-01 - The netpbm packages contain a library of functions which support programs for handling various graphics file formats, including .pbm, .pgm, .pnm, .ppm, and others. Two heap-based buffer overflow flaws were found in the embedded JasPer library, which is used to provide support for Part 1 of the JPEG 2000 image compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker could create a malicious JPEG 2000 compressed image file that could cause jpeg2ktopam to crash or, potentially, execute arbitrary code with the privileges of the user running jpeg2ktopam. These flaws do not affect pamtojpeg2k.
4e30cdb614403f06bdbc810bb652c4ffc82fcffc0b429f074d8a9abad1cea938
Ubuntu Security Notice 934-1 - Marc Schoenefeld discovered a buffer overflow in Netpbm when loading certain images. If a user or automated system were tricked into opening a specially crafted XPM image, a remote attacker could crash Netpbm. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
b35687a340a4fdbf7229769133d5339808e1f1c6becbce15b0647f661933d805
Debian Linux Security Advisory 2026-1 - Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader implementation in netpbm-free, a suite of image manipulation utilities. An attacker could cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.
14051f709ce6403d1a744675caa6e472b5796bd620bcb7a4a8c075c290f734fc
Mandriva Linux Security Advisory 2010-039 - Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
7a5d6b7bf889ee556ed937e2c8e9f9a9b35d1e918e402269a20973667ee185ee