CVE-2003-0146

Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.debian.org/security/2003/dsa-263	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-060.html
http://www.kb.cert.org/vuls/id/630433	US Government Resource
http://www.securityfocus.com/bid/6979
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656
http://marc.info/?l=bugtraq&m=104644687816522&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/11463

Configurations

Configuration 1 (hide)

cpe:2.3:a:netpbm:netpbm:*:*:*:*:*:*:*:*

Information

Published : 2003-03-31 05:00

Updated : 2017-07-11 01:29

NVD link : CVE-2003-0146

Mitre link : CVE-2003-0146

JSON object : View

Products Affected

netpbm

netpbm

CWE

NVD-CWE-Other

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.debian.org/security/2003/dsa-263", "name": "DSA-263", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-060.html", "name": "RHSA-2003:060", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.kb.cert.org/vuls/id/630433", "name": "VU#630433", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/6979", "name": "6979", "tags": [], "refsource": "BID"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656", "name": "CLSA-2003:656", "tags": [], "refsource": "CONECTIVA"}, {"url": "http://marc.info/?l=bugtraq&m=104644687816522&w=2", "name": "20030228 NetPBM, multiple vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11463", "name": "netpbm-multiple-bo(11463)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via \"maths overflow errors\" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0146", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2003-03-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:netpbm:netpbm:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.20"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:29Z"}