CVE-2018-8975

Publication date 25 March 2018

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.5 · Medium

Score breakdown

Description

The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonstrated by pbmmask.

Read the notes from the security team

Status

Package Ubuntu Release Status
netpbm-free 17.10 artful
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release

Notes

debian

Vulnerable code not present, Debian uses an unaffected fork

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.5 · Medium

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Other references

Access our resources on patching vulnerabilities