CVE-2009-0689 (retired)

Priority
Description
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c)
and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as
used in multiple operating systems and products including in FreeBSD 6.4
and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and
3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products,
allows context-dependent attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via a large
precision value in the format argument to a printf function, which triggers
incorrect memory allocation and a heap-based buffer overflow during
conversion to a floating-point number.
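The allocation path named in the description, as an added example that is not code from this page or from any of the affected projects: a stripped-down model of dtoa.c's Balloc()/rv_alloc() pair showing how a very large digit count (what a huge printf precision turns into) yields a size class k beyond the end of the freelist[] array, and the k <= Kmax check that the fixed versions apply before touching the freelist. The Bigint layout, the KMAX value and every function name below are assumptions made for this illustration; only the size-class loop follows the shape of the one in dtoa.c.

```c
/* Added example, not dtoa.c itself: model of the freelist index error
 * behind CVE-2009-0689 and of the bounds check in the fixed allocator.
 * Bigint, KMAX and all helper names are assumptions for illustration. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t ULong;

/* Arbitrary-precision integer block, modelled on dtoa.c's Bigint. */
typedef struct Bigint {
    struct Bigint *next;      /* freelist link */
    int k;                    /* size class: block holds 1 << k ULongs */
    int maxwds, sign, wds;
    ULong x[1];               /* really (1 << k) entries follow */
} Bigint;

#define KMAX 15               /* assumed: freelist covers classes 0..KMAX */
static Bigint *freelist[KMAX + 1];

/* Size class for a digit string of n bytes plus the int header that
 * rv_alloc() stores in front of it (same loop shape as dtoa's rv_alloc). */
int size_class_for_digits(int n)
{
    int k = 0;
    unsigned j = sizeof(ULong);
    while (sizeof(Bigint) - sizeof(ULong) - sizeof(int) + j <= (unsigned)n) {
        j <<= 1;
        k++;
    }
    return k;
}

/* 1 if the unpatched pattern "rv = freelist[k]" would index past the end
 * of freelist[] for this digit count: the array index error in the CVE. */
int unpatched_index_out_of_bounds(int n)
{
    return size_class_for_digits(n) > KMAX;
}

/* Patched allocator: the freelist is consulted only when k <= KMAX;
 * larger classes go straight to malloc(). */
Bigint *balloc_checked(int k)
{
    Bigint *rv;
    if (k < 0 || k > 30)      /* refuse absurd classes outright */
        return NULL;
    if (k <= KMAX && (rv = freelist[k]) != NULL) {
        freelist[k] = rv->next;
    } else {
        size_t x = (size_t)1 << k;
        rv = malloc(sizeof(Bigint) + (x - 1) * sizeof(ULong));
        if (rv == NULL)
            return NULL;
    }
    rv->k = k;
    rv->maxwds = 1 << k;
    rv->sign = rv->wds = 0;
    return rv;
}

/* Matching release: only classes that fit the freelist are recycled. */
void bfree_checked(Bigint *v)
{
    if (v == NULL)
        return;
    if (v->k > KMAX) {
        free(v);
    } else {
        v->next = freelist[v->k];
        freelist[v->k] = v;
    }
}

/* Digit-string buffer of at least n + 1 bytes, as dtoa's rv_alloc returns:
 * the class index is stored in the first int, the string starts after it. */
char *rv_alloc_checked(int n)
{
    int k = size_class_for_digits(n);
    int *r = (int *)balloc_checked(k);
    if (r == NULL)
        return NULL;
    *r = k;
    return (char *)(r + 1);
}

/* Counterpart of freedtoa(): recover k from the header, then release. */
void rv_free_checked(char *s)
{
    if (s == NULL)
        return;
    Bigint *b = (Bigint *)((int *)s - 1);
    b->k = *(int *)b;
    b->maxwds = 1 << b->k;
    bfree_checked(b);
}

/* Writes n digits into a freshly allocated buffer and returns the length
 * written back, or -1 on allocation failure; exercises the large-n path
 * that the unpatched code would have served from past the freelist. */
int fill_digits(int n)
{
    char *buf = rv_alloc_checked(n);
    if (buf == NULL)
        return -1;
    memset(buf, '9', (size_t)n);
    buf[n] = '\0';
    int len = (int)strlen(buf);
    rv_free_checked(buf);
    return len;
}
```

With the constructed 64-bit layout above, a request for 1 << 20 digits lands in class 18, three past the end of a 16-entry freelist; the unpatched pattern reads whatever static data follows the array and treats it as a Bigint pointer, which is the "incorrect memory allocation" the description refers to. The example deliberately does not perform that out-of-bounds access; it only reports the class the request would reach and shows the guarded allocator that the fixes introduced.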
Notes
 mdeslaur> description omitted KDE. Mozilla has CVE-2009-1563 for the same
 mdeslaur> issue.
 mdeslaur> Red Hat released RHSA-2009:1601-01 to fix kdelibs
Assigned-to
jdstrand
Package
Upstream: needs-triage
Patches:
Upstream: http://lists.kde.org/?l=kde-commits&m=125874573511598&w=2
Package
Upstream: released (2.0.0.24)
More Information

Updated: 2019-09-19 15:14:40 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)