CVE-2009-4274
PUBLISHED
CVSS 7.5 HIGH
Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.
EPSS 2.54% · 85.8th percentile
Risk Scores
- CVSS 2.0: 7.5
- EPSS Score: 2.54% (85.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| netpbm | netpbm | 10.35.38, 10.0, 10.1 |
Exploit Intelligence
- RHSA-2011:1811 (circl)
- http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076 (circl)
- ADV-2010-0358 (circl)
- 38530 (circl)
- [oss-security] 20100209 vulnerability in netpbm (CVE-2009-4274) (circl)
- ADV-2010-0780 (circl)
- netpbm-xpm-bo(56207) (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=546580 (circl)
- SUSE-SR:2010:006 (circl)
- DSA-2026 (circl)
…and 4 more exploits
Timeline
- Feb 12, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- http://secunia.com/advisories/38530 technical
- http://secunia.com/advisories/38915 technical
- RHSA-2011:1811 vendor-advisory
- http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076 url
- ADV-2010-0358 vdb
- [oss-security] 20100209 vulnerability in netpbm (CVE-2009-4274) mailing-list
- ADV-2010-0780 vdb
- netpbm-xpm-bo(56207) vdb
- https://bugzilla.redhat.com/show_bug.cgi?id=546580 url
- SUSE-SR:2010:006 vendor-advisory
- DSA-2026 vendor-advisory
- http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup url
- 38164 vdb
- MDVSA-2010:039 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-4274 advisory
- https://access.redhat.com/errata/RHSA-2011:1811 url
- https://access.redhat.com/security/cve/CVE-2009-4274 url