CVE-2009-2175

NameCVE-2009-2175
DescriptionStack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2) xcf2png utilities, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image that causes a conversion to a location "above or to the left of the canvas." NOTE: some of these details are obtained from third party information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs533361, 601735

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnome-xcf-thumbnailer (PTS)jessie1.0-1.1fixed
stretch1.0-1.2fixed
xcftools (PTS)jessie1.0.7-4fixed
buster, bullseye, stretch, sid1.0.7-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnome-xcf-thumbnailersource(unstable)1.0-1.1low601735
xcftoolssource(unstable)1.0.7-1low533361
xcftoolssourceetch1.0.4-1+etch1
xcftoolssourcelenny1.0.4-1+lenny1

Notes

[lenny] - gnome-xcf-thumbnailer <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems