How severe is CVE-2009-2412?

This vulnerability has a severity rating of HIGH with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2009-2412?

This is classified as CWE-189, which is a common weakness in software security.

CVE-2009-2412 - HIGH Severity | CVSS 10

Vulnerability Description

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

Related Vulnerabilities

CVE-2015-8396

CRITICAL

CVSS:10.0(Critical)

Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitr...

CWE-1892015

CVE-2007-1383

CRITICAL

CVSS:9.8(Critical)

Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destro...

CWE-1892007

CVE-2011-2013

CRITICAL

CVSS:9.8(Critical)

Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by s...

CWE-1892011

CVE-2014-9766

CRITICAL

CVSS:9.8(Critical)

Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code ...

CWE-1892014

CVE-2016-0859

CRITICAL

CVSS:9.8(Critical)

Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC ...

CWE-1892016

CVE-2016-10145

CRITICAL

CVSS:9.8(Critical)

Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.

CWE-1892016