Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-3994

Stack-based buffer overflow in the GetUID function in src-IL/src/il_dicom.c in DevIL 1.7.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted DICOM file.

Related bugs and status

CVE-2009-3994 (Candidate) is related to these bugs:

Bug #603689: [Security] devil - Fix buffer overflows

		In	Importance	Status
603689	[Security] devil - Fix buffer overflows	devil (Ubuntu)	Undecided	Invalid
603689	[Security] devil - Fix buffer overflows	devil (Ubuntu Jaunty)	Medium	Invalid
603689	[Security] devil - Fix buffer overflows	devil (Ubuntu Karmic)	Medium	Invalid
603689	[Security] devil - Fix buffer overflows	devil (Ubuntu Hardy)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/sec...
BID: 37207
SECUNIA: 37507
FEDORA: FEDORA-2009-13219
FEDORA: FEDORA-2009-13255
SECUNIA: 37955
CONFIRM: http://sourceforge.net...
CONFIRM: http://sourceforge.net...
XF: devil-getuid-bo(54547)
BUGTRAQ: 20091204 Secunia Resea...