CVE-2009-1284
published 2009-04-09CVE-2009-1284: Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
PriorityP427medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
11.92%
95.6th percentile
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bibtex | bibtex | — | — |
| debian | texlive-bin | < texlive-bin 2009-1 (bookworm) | texlive-bin 2009-1 (bookworm) |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pwxh-j76w-whrf: Buffer overflow in BibTeX 0
ghsa_unreviewed·2022-05-02
CVE-2009-1284 [MEDIUM] CWE-119 GHSA-pwxh-j76w-whrf: Buffer overflow in BibTeX 0
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
OSV
CVE-2009-1284: Buffer overflow in BibTeX 0
osv·2009-04-09·CVSS 5.0
CVE-2009-1284 [MEDIUM] CVE-2009-1284: Buffer overflow in BibTeX 0
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
Ubuntu
TeX Live vulnerabilities
vendor_ubuntu·2010-05-06·CVSS 5.0
CVE-2009-1284 [MEDIUM] TeX Live vulnerabilities
Title: TeX Live vulnerabilities
Summary: TeX Live vulnerabilities
It was discovered that TeX Live incorrectly handled certain long .bib
bibliography files. If a user or automated system were tricked into
processing a specially crafted bib file, an attacker could cause a denial
of service via application crash. This issue only affected Ubuntu 8.04 LTS,
9.04 and 9.10. (CVE-2009-1284)
Marc Schoenefeld, Karel Šrot and Ludwig Nussel discovered that TeX Live
incorrectly handled certain malformed dvi files. If a user or automated
system were tricked into processing a specially crafted dvi file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2010-0739, CVE-2010-1440)
Dan Rosenberg
Red Hat
texlive: bibtex's invalid reads/writes when parsing big *.bib file
vendor_redhat·2009-03-23·CVSS 5.0
CVE-2009-1284 [MEDIUM] texlive: bibtex's invalid reads/writes when parsing big *.bib file
texlive: bibtex's invalid reads/writes when parsing big *.bib file
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
Statement: The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.
Debian
CVE-2009-1284: texlive-bin - Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a den...
vendor_debian·2009·CVSS 5.0
CVE-2009-1284 [MEDIUM] CVE-2009-1284: texlive-bin - Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a den...
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
Scope: local
bookworm: resolved (fixed in 2009-1)
bullseye: resolved (fixed in 2009-1)
forky: resolved (fixed in 2009-1)
sid: resolved (fixed in 2009-1)
trixie: resolved (fixed in 2009-1)
No detection rules found.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920http://secunia.com/advisories/34445http://security.gentoo.org/glsa/glsa-201206-28.xmlhttp://www.openwall.com/lists/oss-security/2009/04/01/8http://www.ubuntu.com/usn/USN-937-1https://bugzilla.redhat.com/show_bug.cgi?id=492136https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00505.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-November/msg00507.htmlhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920http://secunia.com/advisories/34445http://security.gentoo.org/glsa/glsa-201206-28.xmlhttp://www.openwall.com/lists/oss-security/2009/04/01/8http://www.ubuntu.com/usn/USN-937-1https://bugzilla.redhat.com/show_bug.cgi?id=492136https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00505.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-November/msg00507.html
2009-04-09
Published