CVE-2005-2978

NameCVE-2005-2978
Descriptionpnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-878-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
netpbm-free (PTS)jessie2:10.0-15.2fixed
buster, stretch2:10.0-15.3fixed
bullseye2:10.0-15.4fixed
bookworm2:11.01.00-2fixed
trixie2:11.05.02-1fixed
sid2:11.05.03-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
netpbm-freesourcewoody(not affected)DSA-878-1
netpbm-freesourcesarge2:10.0-8sarge1DSA-878-1
netpbm-freesource(unstable)2:10.0-10
Search for package or bug name: Reporting problems