Home > Vulnerability Database > CVE-2009-3296

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2009-3296

Date: October 20, 2009

Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.

Severity Score

4.8

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-3296

Url: http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch3.diff.gz

Url: http://www.securityfocus.com/bid/36713

Url: http://www.debian.org/security/2009/dsa-1912

Url: http://secunia.com/advisories/37067

Url: http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny3.diff.gz

Url: https://www.mend.io/vulnerability-database/CVE-2009-3296

Severity Score

4.8

Weakness Type (CWE)

Numeric Errors

CWE-189

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us