Bug 908432

Summary: pbm2l2030: Stack-based buffer overflow when reading PBM stream lines during image printing
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: dkholia, security-response-team, twaugh
Target Milestone: ---Keywords: Patch, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-01 09:15:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 908438    

Description Jan Lieskovsky 2013-02-06 17:06:26 UTC 
A stack-based buffer overflow flaw was found in the way pbm2l2030, a filter to convert raw Portable Bitmap Format (PBM) image data to the printer language of Lexmark 2030 printers, performed reading of PBM stream line data during image printing / conversion. A remote attacker could provide a specially-crafted PBM image file that, when processed by the filter, would lead to pbm2l2030 executable crash or, potentially, arbitrary code execution with the privileges of the user running the pbm2l2030 binary.

This issue was discovered by Murray McAllister of Red Hat Security Response Team.
Comment 1 Jan Lieskovsky 2013-02-06 17:11:26 UTC 
This issue affects the version of the pbm2l2030 package, as shipped with Red Hat Enterprise Linux 6.

--

This issue affects the versions of the pbm2l2030 package, as shipped with Fedora release of 16, 17, and 18.