CVE-2009-3930

Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://mx.gw.com/pipermail/file/2009/000382.html
http://www.securityfocus.com/bid/37074
http://mx.gw.com/pipermail/file/2009/000382.html
http://www.securityfocus.com/bid/37074

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:christos_zoulas:file::::::::
	cpe:2.3:a:christos_zoulas:file:3.30:::::::*
	cpe:2.3:a:christos_zoulas:file:3.31:::::::*
	cpe:2.3:a:christos_zoulas:file:3.32:::::::*
	cpe:2.3:a:christos_zoulas:file:3.33:::::::*
	cpe:2.3:a:christos_zoulas:file:3.34:::::::*
	cpe:2.3:a:christos_zoulas:file:3.36:::::::*
	cpe:2.3:a:christos_zoulas:file:3.37:::::::*
	cpe:2.3:a:christos_zoulas:file:3.38:::::::*
	cpe:2.3:a:christos_zoulas:file:3.39:::::::*
	cpe:2.3:a:christos_zoulas:file:3.40:::::::*
	cpe:2.3:a:christos_zoulas:file:3.41:::::::*
	cpe:2.3:a:christos_zoulas:file:4.01:::::::*
	cpe:2.3:a:christos_zoulas:file:4.02:::::::*
	cpe:2.3:a:christos_zoulas:file:4.03:::::::*
	cpe:2.3:a:christos_zoulas:file:4.04:::::::*
	cpe:2.3:a:christos_zoulas:file:4.06:::::::*
	cpe:2.3:a:christos_zoulas:file:4.07:::::::*
	cpe:2.3:a:christos_zoulas:file:4.08:::::::*
	cpe:2.3:a:christos_zoulas:file:4.09:::::::*
	cpe:2.3:a:christos_zoulas:file:4.11:::::::*
	cpe:2.3:a:christos_zoulas:file:4.12:::::::*
	cpe:2.3:a:christos_zoulas:file:4.13:::::::*
	cpe:2.3:a:christos_zoulas:file:4.14:::::::*
	cpe:2.3:a:christos_zoulas:file:4.15:::::::*
	cpe:2.3:a:christos_zoulas:file:4.16:::::::*
	cpe:2.3:a:christos_zoulas:file:4.17:::::::*
	cpe:2.3:a:christos_zoulas:file:4.19:::::::*
	cpe:2.3:a:christos_zoulas:file:4.20:::::::*
	cpe:2.3:a:christos_zoulas:file:4.21:::::::*
	cpe:2.3:a:christos_zoulas:file:4.23:::::::*
	cpe:2.3:a:christos_zoulas:file:4.24:::::::*
	cpe:2.3:a:christos_zoulas:file:4.25:::::::*
	cpe:2.3:a:christos_zoulas:file:4.26:::::::*
	cpe:2.3:a:christos_zoulas:file:5.00:::::::*

History

21 Nov 2024, 01:08

Type	Values Removed	Values Added
References	~~() http://mx.gw.com/pipermail/file/2009/000382.html -~~	() http://mx.gw.com/pipermail/file/2009/000382.html -
References	~~() http://www.securityfocus.com/bid/37074 -~~	() http://www.securityfocus.com/bid/37074 -

Information

Published : 2009-11-10 19:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-3930

Mitre link : CVE-2009-3930

CVE.ORG link : CVE-2009-3930

JSON object : View

Products Affected

christos_zoulas

file

CWE

CWE-189

Numeric Errors

{"id": "CVE-2009-3930", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-11-10T19:30:01.687", "references": [{"url": "http://mx.gw.com/pipermail/file/2009/000382.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/37074", "source": "cve@mitre.org"}, {"url": "http://mx.gw.com/pipermail/file/2009/000382.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/37074", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow."}, {"lang": "es", "value": "M\u00faltiples desbordamiento de b\u00fafer en Christos Zoulas file before v5.02 permite a atacantes asistidos remotamente por usuarios tienen un impacto no especificado a trav\u00e9s de un componente de documento manipulado (como cdf) archivo que provoca un desbordamiento de b\u00fafer."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03FC99B1-2B8B-4D1A-9862-88C7A11F5012", "versionEndIncluding": "5.01"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:3.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54717F95-DCD4-4AA0-989B-A72545496314"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:3.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83AA36FC-A47F-45AA-8754-E975BF5C75C9"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:3.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7DE688C-1F8F-4769-B041-3692CB8447F3"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:3.33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BA3C5EE-F2F4-4906-A9CA-4D7D7CA5E2AF"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:3.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EA857D0-9938-4109-8057-06E9EDFDC0A4"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:3.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "172DF2EE-C32A-42FE-BEDD-0DE98A00218D"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:3.37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "483B2F0D-0246-42EE-9E59-AA301C6761A1"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:3.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C168BDF-B1DB-4948-BD33-0CD584F8DD47"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:3.39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "140B2E4F-ACD7-473F-A6D6-207F23128C57"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:3.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "354A89D8-6C36-4EF7-B5BE-8D2179E96788"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:3.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "045C73F3-864C-4FFB-9E51-DE9CCA3C8D63"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92CA097D-A58D-4EA9-BC52-7014D464F087"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D01BCBD5-EDD3-4FB6-AEF5-55DD4B0397A1"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCE8DA90-3E99-4F94-890F-EA09CA39826A"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02BD52B1-FDB6-4640-AB27-A3A75C74BB4F"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D839F4E-4DE8-4101-9EAA-B8930AABF48C"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24E893D9-89C6-4230-BF26-5430A8E83A45"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE7CB9E5-4E6C-4D79-B9ED-E60B7D45FC5B"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E788A36-73FF-4DE7-BA18-66C6ECA9911F"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "188DA67D-E441-4BCF-9BCF-BF02F501AE32"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56463FD8-B9D5-467D-BFEA-81B92C086B3C"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC7752D6-36CD-4121-9F89-CFABB0C55D52"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1CAF79C-8839-489D-A2B3-ECB97A48B6E9"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "602676CC-21E6-4826-9A00-C56A6A655587"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4D3F0C9-6573-4871-83BB-19E5AE8EEFA1"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F4D59F2-FD8B-472E-9A01-F1950619DA7D"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "289D758F-8662-49F3-B532-A00AD29D9867"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2BB0AD8-68BA-4DFB-A911-6DDE25823640"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B534C755-B24A-4A7A-B60E-255F2B0E4880"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BCE9B1F-7793-4B3B-9CED-DC5296A33EA5"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45027274-FB37-4F06-A9A0-C2D288E1E6DD"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC84FE48-475F-4573-9BF2-8C62C2743C95"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:4.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF4822A6-7715-4A10-9463-79F5537CE5EF"}, {"criteria": "cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6FF256D-3DD4-41A8-B119-D20A493A6EA5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

9.3 /10