CVE-2009-1217

MEDIUM Year: 2009
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-193
View all →

Vulnerability Description

Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."

Related Vulnerabilities

CVE-2024-10442

CRITICAL
CVSS:10.0(Critical)

Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 al...

CWE-1932024

CVE-2001-0609

CRITICAL
CVSS:9.8(Critical)

Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.

CWE-1932001

CVE-2001-1496

CRITICAL
CVSS:9.8(Critical)

Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CWE-1932001

CVE-2002-0083

CRITICAL
CVSS:9.8(Critical)

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

CWE-1932002

CVE-2002-1816

CRITICAL
CVSS:9.8(Critical)

Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.

CWE-1932002

CVE-2003-0252

CRITICAL
CVSS:9.8(Critical)

Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via cer...

CWE-1932003