{ "id": "CVE-2009-2294", "sourceIdentifier": "cve@mitre.org", "published": "2009-07-05T16:30:00.407", "lastModified": "2024-11-21T01:04:32.557", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values." }, { "lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n Png_datainfo_callback de Dillo v2.1 y anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y puede que ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen PNG con el valor modificado (1) ancho o (2) alto." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-189" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.1", "matchCriteriaId": "ED82B0BA-5C9C-4D63-8418-3B45DC8504FC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8FFAC5E-77BD-4BF3-8906-FDF240C8E5C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DCC27FB-CEA9-4AA5-9A2C-4A4BD7D3B1A0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B31B232-9C62-4FCF-99B8-7C154AF82349" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "61E3A452-0124-4C50-8BBC-64C34C743EF7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C50FE697-0933-40E3-95BF-C07157E46112" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "47F81343-8538-402B-A5B6-CED15AA2FCCB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D8859A15-05AB-4883-BA0E-DD96DB2EBE9C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "7B3C6AF7-C4C1-4BD7-A1F2-8CAD91E28F7D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "7BE17AFD-F40D-43DB-B45B-222C9262BEA3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3ED11811-287D-4860-9FDC-2DA5E79514E0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D555945-9CD8-4C64-88C9-7165B2F9F6A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "735EAB61-5A0B-4FA6-9336-D9DD279996D7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "086FA8E2-AB31-4A16-A817-6DDE3D6CF1BA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1E7DB3E1-3697-4000-B10A-BD9699406CAA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "EE29B322-482D-4F67-88AB-A71FC1343876" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "109B06EE-5761-47F7-924D-FCBA32E8D76E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F44478CC-17C3-4F1B-AA62-D38148429C46" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B36E45EF-2659-40BA-B4B8-8BE85BE0A302" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AB0EFCAE-417F-4BA2-B47D-C3798658C857" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "14DF2E87-8CB6-41EE-AE17-93CA27A8B5FA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "26B89365-6959-4647-A589-994E0060FFB9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "033E89CE-2EE6-41C0-9146-0F1B56C798B6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "8A0F574E-EB2B-4014-A17F-15C7A31947F2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE4AB244-DBC9-4CC4-A6F4-A387E516CA1C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "26DE54F9-49D5-4994-B666-047F4A0BA243" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "598E7C2A-2BF1-4CD6-A3E6-9547F17E04FF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7DBEA2E6-481F-44FA-8D40-1DBC452A5DCA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "A7933C08-CB36-41A3-94FA-6F594771D8C2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "AE50669F-DA11-4F51-BD86-0EDC451045AC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "75B1797D-CD5F-4875-8FBF-31488BD40282" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "6A4A558A-B9DF-44E8-81C9-6925AD22B173" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "436855BE-C8EA-46A0-8B8C-3F0F437285E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "874E4818-DA1A-4D8E-9E32-45011FF4856E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D29B4FC0-C665-4AD7-AB97-E4A743230F78" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1ACF40C-4A44-451C-934E-1EC11AF6C5EC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7293FB7-4E6F-4ADA-B4A1-2C21BDC0EECD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5BB7C24-A110-4204-AF2E-EDEBF58BE252" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C8F8EDA4-EFDA-47F1-928A-22442DA2355E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.8.5:pre-dw-design1:*:*:*:*:*:*", "matchCriteriaId": "062D40F5-C0E6-44B2-B573-CB846FE72819" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.8.5:pre-dw-design2:*:*:*:*:*:*", "matchCriteriaId": "179E7B4D-6818-4722-9113-2EC3453A5F6E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.8.5:pre-dw-design3:*:*:*:*:*:*", "matchCriteriaId": "82E27AD6-F43B-4000-A251-770C5FFCC91A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dillo:dillo:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "65DE3B84-383A-4952-ABA1-02099E9693F0" } ] } ] } ], "references": [ { "url": "http://osvdb.org/55656", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/35647", "source": "cve@mitre.org" }, { "url": "http://www.ocert.org/advisories/ocert-2009-008.html", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/504727/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://osvdb.org/55656", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/35647", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.ocert.org/advisories/ocert-2009-008.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/archive/1/504727/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }