CVE-2009-4012

Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to (1) thbrk/thbrk.c and (2) thwbrk/thwbrk.c.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
linux.thailibthai
𝑥
≤ 0.1.12
linux.thailibthai
0.1.0
linux.thailibthai
0.1.1
linux.thailibthai
0.1.2
linux.thailibthai
0.1.3
linux.thailibthai
0.1.4
linux.thailibthai
0.1.5
linux.thailibthai
0.1.6
linux.thailibthai
0.1.7
linux.thailibthai
0.1.8
linux.thailibthai
0.1.9
linux.thailibthai
0.1.10
linux.thailibthai
0.1.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libthai
bullseye
0.1.28-3
fixed
bookworm
0.1.29-1
fixed
sid
0.1.29-2
fixed
trixie
0.1.29-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libthai
karmic
Fixed 0.1.12-1ubuntu0.2
released
jaunty
Fixed 0.1.9-4ubuntu0.9.04.2
released
intrepid
Fixed 0.1.9-4ubuntu0.8.10.2
released
hardy
Fixed 0.1.9-1ubuntu0.2
released
dapper
ignored
Common Weakness Enumeration
References
http://linux.thai.net/node/184
http://linux.thai.net/svn/software/libthai/tags/r_0_1_13/ChangeLog
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html
http://secunia.com/advisories/38196
http://secunia.com/advisories/38213
http://secunia.com/advisories/38235
http://secunia.com/advisories/38420
http://security.debian.org/pool/updates/main/libt/libthai/libthai_0.1.6-1+etch1.diff.gz
http://security.debian.org/pool/updates/main/libt/libthai/libthai_0.1.9-4+lenny1.diff.gz
http://ubuntu.com/usn/usn-887-1
http://www.debian.org/security/2010/dsa-1971
http://www.securityfocus.com/bid/37822
http://linux.thai.net/node/184
http://linux.thai.net/svn/software/libthai/tags/r_0_1_13/ChangeLog
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html
http://secunia.com/advisories/38196
http://secunia.com/advisories/38213
http://secunia.com/advisories/38235
http://secunia.com/advisories/38420
http://security.debian.org/pool/updates/main/libt/libthai/libthai_0.1.6-1+etch1.diff.gz
http://security.debian.org/pool/updates/main/libt/libthai/libthai_0.1.9-4+lenny1.diff.gz
http://ubuntu.com/usn/usn-887-1
http://www.debian.org/security/2010/dsa-1971
http://www.securityfocus.com/bid/37822