Synopsis: Moderate: netpbm security update Issue date: 2009-02-11 CVE Names: CVE-2007-2721 CVE-2008-3520 An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520) SL 4.x SRPMS: i386: netpbm-10.25-2.1.el4_7.4.i386.rpm netpbm-devel-10.25-2.1.el4_7.4.i386.rpm netpbm-progs-10.25-2.1.el4_7.4.i386.rpm x86_64: netpbm-10.25-2.1.el4_7.4.i386.rpm netpbm-10.25-2.1.el4_7.4.x86_64.rpm netpbm-devel-10.25-2.1.el4_7.4.x86_64.rpm netpbm-progs-10.25-2.1.el4_7.4.x86_64.rpm SL 5.x SRPMS: i386: netpbm-10.35-6.1.el5_3.1.i386.rpm netpbm-devel-10.35-6.1.el5_3.1.i386.rpm netpbm-progs-10.35-6.1.el5_3.1.i386.rpm x86_64: netpbm-10.35-6.1.el5_3.1.i386.rpm netpbm-10.35-6.1.el5_3.1.x86_64.rpm netpbm-devel-10.35-6.1.el5_3.1.i386.rpm netpbm-devel-10.35-6.1.el5_3.1.x86_64.rpm netpbm-progs-10.35-6.1.el5_3.1.x86_64.rpm -Connie Sieh -Troy Dawson