Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-2175

Stack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2) xcf2png utilities, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image that causes a conversion to a location "above or to the left of the canvas." NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2009-2175 (Candidate) is related to these bugs:

Bug #407985: Please sync xcftools 1.0.7-1 (universe) from Debian unstable (main).

Summary				In	Importance	Status
	407985	Please sync xcftools 1.0.7-1 (universe) from Debian unstable (main).		xcftools (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.debian.org...
OSVDB: 55187
SECUNIA: 35397
VUPEN: ADV-2009-1638
FEDORA: FEDORA-2010-17004
FEDORA: FEDORA-2010-17035
FEDORA: FEDORA-2010-17041
BID: 43883