Netpbm buffer ovflow Vladimir Nadvornik from Suse discovered a buffer overfow in pnmtopng which will overflow the textine[256] buffer This issue also affects RHEL2.1
Created attachment 121124 [details] Proposed patch for this issue
This patch looks like it needs backporting as netpbm-9.24 we have doesn't contain the "convertor/other" directory hierarchy. The 9.24 pnmtopng misses the allocation check for "cp", so that the code there would segfault if malloc fails. This is what I fixed in addition to this patch. Patches for 2.1 and 3 are finished. Waiting on info whether to commit or not to non-embargoed branch.
Applied. Packages added to the errata, rpmdiff passed, test request filed.
Created attachment 121853 [details] New patch that fixes the buffer overflows. The original patch didn't fix all possible overflows/underflows so a basic all of: "pnmtopng -text file.txt test.pnm" still segfaulted. This is now fixed by this patch.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-843.html