Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1284 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Bibtex

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

16.0%

top 5.22%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Texlive-bin Bibtex

Timeline

PublishedApr 9

Latest updateMay 2

Description

Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDbibtex/bibtex0.99

▶debiandebian/texlive-bin< texlive-bin 2009-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-pwxh-j76w-whrf: Buffer overflow in BibTeX 0↗2022-05-02

▶

OSV

CVE-2009-1284: Buffer overflow in BibTeX 0↗2009-04-09

▶

💥Exploits & PoCs

Exploit-DB

BibTeX - '.bib' File Handling Memory Corruption↗2009-11-13

▶

📋Vendor Advisories

Ubuntu

TeX Live vulnerabilities↗2010-05-06

▶

Red Hat

texlive: bibtex's invalid reads/writes when parsing big *.bib file↗2009-03-23

▶

Debian

CVE-2009-1284: texlive-bin - Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a den...↗2009

▶

💬Community

Bugzilla

CVE-2009-1284 tetex, texlive: bibtex's invalid reads/writes when parsing big *.bib file↗2009-03-25

▶