Fluid Attacks Database

Description

Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	xemacs21	>=0 <21.4.22-3	21.4.22-3
debian 12	xemacs21	>=0 <21.4.22-3	21.4.22-3

Aliases

1. CVE-2009-26882. NVD-2009-26883. OSV-DEBIAN-2009-26884. OSV-2009-26885. SECURITY-TRACKER-CVE-2009-2688

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.