Secunia Security Advisory - A vulnerability has been reported in pnmtopng, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. The vulnerability is caused due to a boundary error when writing RGBA-palette PNG files. This can be exploited to crash pnmtopng and may allow arbitrary code execution via a specially crafted input file with exactly 256 colours. Successful exploitation requires that pnmtopng is used with the -alpha command line, and e.g. pnmtopng is used in a CGI application that allows remote users to submit image files for processing, or by tricking a user to use pnmtopng with a malicious .pnm file. The vulnerability has been reported in versions prior to 2.39. Note: Several potential malloc allocation overflow bugs have also been fixed.
2a67b238c8a336d7c27f90f087853e6afc3d41ee8449d22c4fc25797fc1d329d