Lucene search

[email protected]CVE-2009-2175

HistoryJun 23, 2009 - 9:30 p.m.

CVE-2009-2175

2009-06-2321:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-2175

information security

buffer overflow

xcftools

denial of service

remote attack

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8 High

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

JSON

Stack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2) xcf2png utilities, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image that causes a conversion to a location “above or to the left of the canvas.” NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

henning_makholmxcftoolsMatch1.0.4

CPENameOperatorVersion
henning_makholm:xcftoolshenning makholm xcftoolseq1.0.4

CPE	Name	Operator	Version
henning_makholm:xcftools	henning makholm xcftools	eq	1.0.4

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=533361

lists.fedoraproject.org/pipermail/package-announce/2010-November/050526.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050542.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050562.html

osvdb.org/55187

secunia.com/advisories/35397

www.securityfocus.com/bid/43883

www.vupen.com/english/advisories/2009/1638

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8 High

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

JSON

Related for CVE-2009-2175

openvas6 ubuntucve1 fedora3 nessus3 prion1 cvelist1 debiancve1 nvd1