CVE-2009-2294

Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 7.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score percentile: 82%
Vendor | Product | Version
dillo | dillo | 𝑥 ≤ 2.1
dillo | dillo | 0.0.0
dillo | dillo | 0.0.1
dillo | dillo | 0.0.2
dillo | dillo | 0.0.3
dillo | dillo | 0.0.4
dillo | dillo | 0.0.5
dillo | dillo | 0.0.6
dillo | dillo | 0.0.42
dillo | dillo | 0.0.43
dillo | dillo | 0.1.0
dillo | dillo | 0.2
dillo | dillo | 0.2.1
dillo | dillo | 0.2.2
dillo | dillo | 0.2.3
dillo | dillo | 0.2.4
dillo | dillo | 0.3
dillo | dillo | 0.3.1
dillo | dillo | 0.3.2
dillo | dillo | 0.4
dillo | dillo | 0.5.0
dillo | dillo | 0.5.1
dillo | dillo | 0.6
dillo | dillo | 0.6.1
dillo | dillo | 0.6.2
dillo | dillo | 0.6.3
dillo | dillo | 0.6.4
dillo | dillo | 0.6.5
dillo | dillo | 0.6.6
dillo | dillo | 0.7
dillo | dillo | 0.7.1
dillo | dillo | 0.7.1.2
dillo | dillo | 0.7.2
dillo | dillo | 0.7.3
dillo | dillo | 0.8
dillo | dillo | 0.8.1
dillo | dillo | 0.8.2
dillo | dillo | 0.8.3
dillo | dillo | 0.8.4
dillo | dillo | 0.8.5:pre-dw-design1
dillo | dillo | 0.8.5:pre-dw-design2
dillo | dillo | 0.8.5:pre-dw-design3
dillo | dillo | 0.8.6

𝑥 = Vulnerable software versions

Debian Releases

Debian Product | Codename | Version | Status
dillo | bookworm | 3.0.5-7 | fixed
dillo | bullseye | 3.0.5-7 | fixed
dillo | sid | 3.0.5-7.1 | fixed
dillo | trixie | 3.0.5-7.1 | fixed

Ubuntu Releases

Ubuntu Product | Codename | Status
dillo | oneiric | dne
dillo | natty | dne
dillo | maverick | dne
dillo | lucid | dne
dillo | karmic | dne
dillo | jaunty | ignored
dillo | intrepid | ignored
dillo | hardy | ignored
dillo | dapper | ignored

Common Weakness Enumeration