CVE-2009-1570

Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.

Publication date: Mon, 07 Feb 2022 23:54:00 +0000


Cyber News related to CVE-2009-1570

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago
CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago
CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com
CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago
CVE-2009-1570 - Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow. ...
1 year ago
CVE-2007-1570 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-1438. Reason: This candidate is a duplicate of CVE-2007-1438. Notes: All CVE users should reference CVE-2007-1438 instead of this candidate. All references and descriptions in ...
54 years ago Tenable.com
CVE-2020-1570 - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1380, CVE-2020-1555. ...
3 years ago
CVE-2020-1555 - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1380, ...
3 years ago
CVE-1999-1571 - Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may allow local users to gain root privileges via a long -f parameter, a different vulnerability than CVE-1999-1570. ...
8 years ago
CVE-2008-1570 - Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to ...
7 years ago
CVE-2011-1570 - Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability ...
4 years ago
CVE-2001-1570 - Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out. ...
16 years ago
CVE-2005-1570 - forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability. ...
16 years ago
CVE-2013-1570 - Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached. ...
10 years ago
CVE-2015-1570 - The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate. ...
9 years ago
CVE-1999-1570 - Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter. ...
8 years ago
CVE-2002-1570 - Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write ...
7 years ago
CVE-2004-1570 - SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter. ...
7 years ago
CVE-2006-1570 - Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. ...
7 years ago
CVE-2003-1570 - The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server ...
7 years ago
CVE-2010-1570 - The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server ...
7 years ago
CVE-2017-1570 - IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. ...
7 years ago
CVE-2016-1570 - The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page ...
6 years ago
CVE-2019-1570 - The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. ...
5 years ago
CVE-2012-1570 - The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)