CVE-2009-2294

EUVD-2009-2290
Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values.
Provider: NIST
Type: Primary
Base Score: 7.5 UNKNOWN
Atk. Vector: NETWORK
Atk. Complexity: LOW
Priv. Required:
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
Percentile: 82%
Affected Products (NVD)
Vendor  Product  Version
dillo   dillo    𝑥 ≤ 2.1
dillo   dillo    0.0.0
dillo   dillo    0.0.1
dillo   dillo    0.0.2
dillo   dillo    0.0.3
dillo   dillo    0.0.4
dillo   dillo    0.0.5
dillo   dillo    0.0.6
dillo   dillo    0.0.42
dillo   dillo    0.0.43
dillo   dillo    0.1.0
dillo   dillo    0.2
dillo   dillo    0.2.1
dillo   dillo    0.2.2
dillo   dillo    0.2.3
dillo   dillo    0.2.4
dillo   dillo    0.3
dillo   dillo    0.3.1
dillo   dillo    0.3.2
dillo   dillo    0.4
dillo   dillo    0.5.0
dillo   dillo    0.5.1
dillo   dillo    0.6
dillo   dillo    0.6.1
dillo   dillo    0.6.2
dillo   dillo    0.6.3
dillo   dillo    0.6.4
dillo   dillo    0.6.5
dillo   dillo    0.6.6
dillo   dillo    0.7
dillo   dillo    0.7.1
dillo   dillo    0.7.1.2
dillo   dillo    0.7.2
dillo   dillo    0.7.3
dillo   dillo    0.8
dillo   dillo    0.8.1
dillo   dillo    0.8.2
dillo   dillo    0.8.3
dillo   dillo    0.8.4
dillo   dillo    0.8.5:pre-dw-design1
dillo   dillo    0.8.5:pre-dw-design2
dillo   dillo    0.8.5:pre-dw-design3
dillo   dillo    0.8.6

𝑥 = Vulnerable software versions
Debian Releases
Debian Product  Codename
dillo           bookworm  3.0.5-7    fixed
dillo           bullseye  3.0.5-7    fixed
dillo           sid       3.0.5-7.1  fixed
dillo           trixie    3.0.5-7.1  fixed
Ubuntu Releases
Ubuntu Product  Codename
dillo           dapper    ignored
dillo           hardy     ignored
dillo           intrepid  ignored
dillo           jaunty    ignored
dillo           karmic    dne
dillo           lucid     dne
dillo           maverick  dne
dillo           natty     dne
dillo           oneiric   dne
Common Weakness Enumeration