CVE-2009-2175

NameCVE-2009-2175
DescriptionStack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2) xcf2png utilities, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image that causes a conversion to a location "above or to the left of the canvas." NOTE: some of these details are obtained from third party information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs533361, 601735

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xcftools (PTS)buster1.0.7-6+deb10u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnome-xcf-thumbnailersource(unstable)1.0-1.1low601735
xcftoolssourceetch1.0.4-1+etch1
xcftoolssourcelenny1.0.4-1+lenny1
xcftoolssource(unstable)1.0.7-1low533361

Notes

[lenny] - gnome-xcf-thumbnailer <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems