6.8 - CVE-2009-5018

Executive Summary

Informations
Name	CVE-2009-5018	First vendor Publication	2011-01-14
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5018

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	Catb gif2png cpe:2.3:a:catb:gif2png:2.5.2:::::::* cpe:2.3:a:catb:gif2png:2.5.1:::::::* cpe:2.3:a:catb:gif2png:2.5.0:::::::* cpe:2.3:a:catb:gif2png:2.4.7:::::::* cpe:2.3:a:catb:gif2png:2.4.6:::::::* cpe:2.3:a:catb:gif2png:2.4.5:::::::* cpe:2.3:a:catb:gif2png:2.4.4:::::::* cpe:2.3:a:catb:gif2png:2.4.3:::::::* cpe:2.3:a:catb:gif2png:2.4.2:::::::* cpe:2.3:a:catb:gif2png:2.4.1:::::::* cpe:2.3:a:catb:gif2png:2.4.0:::::::* cpe:2.3:a:catb:gif2png:2.3.3:::::::* cpe:2.3:a:catb:gif2png:2.3.2:::::::* cpe:2.3:a:catb:gif2png:2.3.1:::::::* cpe:2.3:a:catb:gif2png:2.3.0:::::::* cpe:2.3:a:catb:gif2png:2.2.5:::::::* cpe:2.3:a:catb:gif2png:2.2.4:::::::* cpe:2.3:a:catb:gif2png:2.2.3:::::::* cpe:2.3:a:catb:gif2png:2.2.2:::::::* cpe:2.3:a:catb:gif2png:2.2.1:::::::* cpe:2.3:a:catb:gif2png:2.2.0:::::::* cpe:2.3:a:catb:gif2png:2.1.3:::::::* cpe:2.3:a:catb:gif2png:2.1.2:::::::* cpe:2.3:a:catb:gif2png:2.1.1:::::::* cpe:2.3:a:catb:gif2png:2.0.3:::::::* cpe:2.3:a:catb:gif2png:2.0.2:::::::* cpe:2.3:a:catb:gif2png:2.0.1:::::::* cpe:2.3:a:catb:gif2png:2.0.0:::::::* cpe:2.3:a:catb:gif2png:1.2.2:::::::* cpe:2.3:a:catb:gif2png:1.2.1:::::::* cpe:2.3:a:catb:gif2png:1.2.0:::::::* cpe:2.3:a:catb:gif2png:1.1.1:::::::* cpe:2.3:a:catb:gif2png:1.1.0:::::::* cpe:2.3:a:catb:gif2png:1.0.0:::::::* cpe:2.3:a:catb:gif2png:0.99:::::::*	35

OpenVAS Exploits

Date	Description
2012-04-30	Name : Gentoo Security Advisory GLSA 201203-15 (gif2png) File : nvt/glsa_201203_15.nasl
2011-03-09	Name : Gentoo Security Advisory GLSA 201101-01 (gif2png) File : nvt/glsa_201101_01.nasl
2011-01-21	Name : Mandriva Update for gif2png MDVSA-2011:009 (gif2png) File : nvt/gb_mandriva_MDVSA_2011_009.nasl
2010-11-23	Name : Fedora Update for gif2png FEDORA-2010-0358 File : nvt/gb_fedora_2010_0358_gif2png_fc12.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
63300	gif2png gif2png.c Command Line Argument Overflow

Nessus® Vulnerability Scanner

Date	Description
2012-03-19	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-15.nasl - Type : ACT_GATHER_INFO
2011-01-28	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-009.nasl - Type : ACT_GATHER_INFO
2011-01-05	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201101-01.nasl - Type : ACT_GATHER_INFO
2010-11-22	Name : The remote Fedora host is missing a security update. File : fedora_2010-0358.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
http://bugs.gentoo.org/show_bug.cgi?id=346501
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch...
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/05122...
http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.html
http://openwall.com/lists/oss-security/2010/11/21/1
http://openwall.com/lists/oss-security/2010/11/22/1
http://openwall.com/lists/oss-security/2010/11/22/12
http://openwall.com/lists/oss-security/2010/11/22/3
http://secunia.com/advisories/42796
http://security.gentoo.org/glsa/glsa-201101-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:009
http://www.securityfocus.com/bid/41801
http://www.vupen.com/english/advisories/2010/3036
http://www.vupen.com/english/advisories/2011/0023
http://www.vupen.com/english/advisories/2011/0107
https://bugzilla.redhat.com/show_bug.cgi?id=547515
https://exchange.xforce.ibmcloud.com/vulnerabilities/64820

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:06:24	Multiple Updates
2024-11-28 12:20:41	Multiple Updates
2021-05-04 12:10:45	Multiple Updates
2021-04-22 01:11:14	Multiple Updates
2020-05-23 01:41:20	Multiple Updates
2020-05-23 00:24:52	Multiple Updates
2017-08-17 09:22:51	Multiple Updates
2016-04-26 19:27:53	Multiple Updates
2014-02-17 10:52:57	Multiple Updates
2013-05-11 00:05:01	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	35
Sources(s)	18
osvdb(s)	1
Openvas Exploit(s)	4
Nessus® Exploit(s)	4

	Related
6.8	MDVSA-2011:009
6.8	GLSA-201203-15
6.8	GLSA-201101-01
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

6.8 - CVE-2009-5018

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU