{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-10-18T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-210-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/210-1/"}, {"name": "1015071", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015071"}, {"name": "ADV-2005-2133", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2133"}, {"name": "17282", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17282"}, {"name": "DSA-878", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-878"}, {"name": "17221", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17221"}, {"name": "17357", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17357"}, {"name": "RHSA-2005:793", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-793.html"}, {"name": "17256", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17256"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278"}, {"name": "17265", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17265"}, {"name": "17222", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17222"}, {"name": "SUSE-SR:2005:024", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"}, {"name": "GLSA-200510-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-18.xml"}, {"name": "15128", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15128"}, {"name": "oval:org.mitre.oval:def:10135", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10135"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:53:30.137Z"}, "title": "CVE Program Container", "references": [{"name": "USN-210-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/210-1/"}, {"name": "1015071", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015071"}, {"name": "ADV-2005-2133", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2005/2133"}, {"name": "17282", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17282"}, {"name": "DSA-878", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2005/dsa-878"}, {"name": "17221", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17221"}, {"name": "17357", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17357"}, {"name": "RHSA-2005:793", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2005-793.html"}, {"name": "17256", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17256"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278"}, {"name": "17265", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17265"}, {"name": "17222", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17222"}, {"name": "SUSE-SR:2005:024", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"}, {"name": "GLSA-200510-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-18.xml"}, {"name": "15128", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15128"}, {"name": "oval:org.mitre.oval:def:10135", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10135"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-2978", "datePublished": "2005-10-18T04:00:00.000Z", "dateReserved": "2005-09-19T00:00:00.000Z", "dateUpdated": "2024-08-07T22:53:30.137Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netpbm:netpbm:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "F79F02C3-950F-4D47-971A-3C1367F1642C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "0344253A-AF59-499B-81DF-5494A34B115F", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7297482-7D30-484A-8F8D-AFEA2E468725", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "93BA3D19-C291-468E-9E4E-E8374AE1BD32", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "85CF9240-FAEE-4BA2-8374-8B81F738521A", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "45457716-9219-4A88-A824-B45FA16643D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.6:*:*:*:*:*:*:*", "matchCriteriaId": "93A0526D-918E-4FAE-90AF-2BA49F9D5276", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.7:*:*:*:*:*:*:*", "matchCriteriaId": "7AD350ED-1327-483A-BF73-02AB9924EDED", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.8:*:*:*:*:*:*:*", "matchCriteriaId": "98C11849-BCD4-4982-A779-435669BD668F", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.9:*:*:*:*:*:*:*", "matchCriteriaId": "C94984E9-22EE-4B24-AFCB-52137A871117", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "23B10069-89E1-4E63-BCFF-C210CE3C5655", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.11:*:*:*:*:*:*:*", "matchCriteriaId": "EC42B061-EB8E-49B4-B041-42B31672C42D", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.12:*:*:*:*:*:*:*", "matchCriteriaId": "DFAE142A-4F71-4452-8DAD-9D6BA11EBF4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.13:*:*:*:*:*:*:*", "matchCriteriaId": "179366EE-D637-4345-8759-81D5E12EFFA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.14:*:*:*:*:*:*:*", "matchCriteriaId": "725CFC44-43C8-47FF-9935-FA006B6338FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.15:*:*:*:*:*:*:*", "matchCriteriaId": "3A331F93-08C2-4F45-98AD-46DBE38A9785", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.16:*:*:*:*:*:*:*", "matchCriteriaId": "FEFB0157-CF91-4FCB-8786-4024595B3EE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.17:*:*:*:*:*:*:*", "matchCriteriaId": "92045C29-20B4-46D0-9643-491BB0642D12", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.18:*:*:*:*:*:*:*", "matchCriteriaId": "148A51ED-1A00-45D3-934E-96CA2759F5A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.19:*:*:*:*:*:*:*", "matchCriteriaId": "77BE0692-E688-4438-98C7-FA1FCE05F41C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.20:*:*:*:*:*:*:*", "matchCriteriaId": "1904CB89-F576-4DFF-9639-9263D0ADE0B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.21:*:*:*:*:*:*:*", "matchCriteriaId": "50D11F39-3B4F-43E4-AC5E-E1B5931BCBB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.22:*:*:*:*:*:*:*", "matchCriteriaId": "97023E9B-520D-4E6F-BA7F-052BA89BF2E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.23:*:*:*:*:*:*:*", "matchCriteriaId": "93A152B4-8483-4874-88C0-4679831BB60E", "vulnerable": true}, {"criteria": "cpe:2.3:a:netpbm:netpbm:10.24:*:*:*:*:*:*:*", "matchCriteriaId": "9BBAE4A7-B0E1-4E50-8775-CAEF3E49B7EB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack."}], "id": "CVE-2005-2978", "lastModified": "2026-04-16T00:27:16.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-10-18T22:02:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/17221"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/17222"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/17256"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/17265"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/17282"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/17357"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1015071"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2005/dsa-878"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-18.xml"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2005-793.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/15128"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2005/2133"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10135"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/210-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17221"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17357"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-878"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-18.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2005-793.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15128"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2133"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10135"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/210-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2005:793", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "netpbm-0:10.25-2.EL4.2", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2005-10-18T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1617774", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617774"}, "csaw": false, "details": ["pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack."], "name": "CVE-2005-2978", "public_date": "2005-10-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2005-2978\nhttps://nvd.nist.gov/vuln/detail/CVE-2005-2978"], "threat_severity": "Moderate"}

{}