Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2009-2688

Published: Aug 05, 2009 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2009-2688
CWEhttps://cwe.mitre.org/data/definitions/189.html

Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected Software

Name Vendor Start Version End Version
Xemacs Xemacs 21.4.22 (including) 21.4.22 (including)
Xemacs21 Ubuntu dapper *
Xemacs21 Ubuntu hardy *
Xemacs21 Ubuntu intrepid *
Xemacs21 Ubuntu jaunty *
Xemacs21 Ubuntu karmic *
Xemacs21 Ubuntu lucid *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use