suse · CVE-2018-8975

Quick triage

Priority: low Published: 2021-05-30 14:12:06 UTC Updated: 2026-04-17 15:28:56 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-8975 severity low: SUSE including 28 source package names (libnetpbm-devel, libnetpbm-devel-10.66.3-8.7.2, …), 90 product×package rows across 47 product lines (SUSE Linux Enterprise Desktop 12 SP3, SUSE Linux Enterprise Desktop 12 SP4, … (47 product lines)): Fixed 81, Known Not Affected 9.

Description:

The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonstrated by pbmmask.

cvelogic Threat Intelligence