CVEDB API

Vulnerability Details CVE-2009-2295

Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.3%

CVSS Severity

CVSS v2 Score 7.5

References

http://secunia.com/advisories/35819
http://www.debian.org/security/2009/dsa-1832
http://www.ocert.org/advisories/ocert-2009-009.html
http://www.securityfocus.com/archive/1/504696/100/0/threaded
http://www.securityfocus.com/bid/35556
http://www.vupen.com/english/advisories/2009/1874
http://secunia.com/advisories/35819
http://www.debian.org/security/2009/dsa-1832
http://www.ocert.org/advisories/ocert-2009-009.html
http://www.securityfocus.com/archive/1/504696/100/0/threaded
http://www.securityfocus.com/bid/35556
http://www.vupen.com/english/advisories/2009/1874

Products affected by CVE-2009-2295

Jun Furuse » Camlimages » Version: Any

cpe:2.3:a:jun_furuse:camlimages:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-2295

Products

Pricing

Contact Us