CVE-2009-2688Integer Overflow or Wraparound in Xemacs

CWE-189CWE-190Integer Overflow or Wraparound7 documents7 sources
Severity
10.0CRITICALNVD
EPSS
5.3%
top 9.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Xemacs21Xemacs
Timeline
PublishedAug 5
Latest updateMay 2

Description

Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obt

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

debiandebian/xemacs21< xemacs21 21.4.22-3 (bookworm)
NVDxemacs/xemacs21.4.22

🔴Vulnerability Details

2
GHSA
GHSA-jvwc-xf39-g9w4: Multiple integer overflows in glyphs-eimage2022-05-02
OSV
CVE-2009-2688: Multiple integer overflows in glyphs-eimage2009-08-05

💥Exploits & PoCs

1
Exploit-DB
Boat Classifieds - SQL Injection2010-06-22

📋Vendor Advisories

2
Red Hat
xemacs: multiple integer overflow flaws2009-06-25
Debian
CVE-2009-2688: xemacs21 - Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on...2009

💬Community

1
Bugzilla
CVE-2009-2688 xemacs: multiple integer overflow flaws2009-07-15