Vulnerabilities > CVE-2009-2369 - Numeric Errors vulnerability in Wxwidgets 2.8.10
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1890.NASL description Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file. last seen 2020-06-01 modified 2020-06-02 plugin id 44755 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44755 title Debian DSA-1890-1 : wxwindows2.4 wxwidgets2.6 wxwidgets2.8 - integer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1890. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(44755); script_version("1.9"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2009-2369"); script_bugtraq_id(35552); script_xref(name:"DSA", value:"1890"); script_name(english:"Debian DSA-1890-1 : wxwindows2.4 wxwidgets2.6 wxwidgets2.8 - integer overflow"); script_summary(english:"Checks dpkg output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file." ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2009/dsa-1890" ); script_set_attribute( attribute:"solution", value: "Upgrade the wxwidgets packages. For the oldstable distribution (etch), this problem has been fixed in version 2.4.5.1.1+etch1 for wxwindows2.4 and version 2.6.3.2.1.5+etch1 for wxwidgets2.6. For the stable distribution (lenny), this problem has been fixed in version 2.6.3.2.2-3+lenny1 for wxwidgets2.6 and version 2.8.7.1-1.1+lenny1 for wxwidgets2.8." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wxwidgets2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wxwidgets2.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wxwindows2.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/09/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libwxbase2.4-1", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxbase2.4-dbg", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxbase2.4-dev", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxbase2.6-0", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxbase2.6-dbg", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxbase2.6-dev", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxgtk2.4-1", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxgtk2.4-1-contrib", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxgtk2.4-contrib-dev", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxgtk2.4-dbg", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxgtk2.4-dev", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxgtk2.6-0", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxgtk2.6-dbg", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libwxgtk2.6-dev", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"python-wxgtk2.4", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"python-wxgtk2.6", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"python-wxtools", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"python-wxversion", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"wx-common", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"wx2.4-doc", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"wx2.4-examples", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"wx2.4-headers", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"wx2.4-i18n", reference:"2.4.5.1.1+etch1")) flag++; if (deb_check(release:"4.0", prefix:"wx2.6-doc", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"wx2.6-examples", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"wx2.6-headers", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"wx2.6-i18n", reference:"2.6.3.2.1.5+etch1")) flag++; if (deb_check(release:"5.0", prefix:"libwxbase2.6-0", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libwxbase2.6-dbg", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libwxbase2.6-dev", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libwxbase2.8-0", reference:"2.8.7.1-1.1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libwxbase2.8-dbg", reference:"2.8.7.1-1.1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libwxbase2.8-dev", reference:"2.8.7.1-1.1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libwxgtk2.6-0", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libwxgtk2.6-dbg", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libwxgtk2.6-dev", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libwxgtk2.8-0", reference:"2.8.7.1-1.1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libwxgtk2.8-dbg", reference:"2.8.7.1-1.1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libwxgtk2.8-dev", reference:"2.8.7.1-1.1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"python-wxgtk2.6", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"python-wxgtk2.6-dbg", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"python-wxgtk2.8", reference:"2.8.7.1-1.1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"python-wxgtk2.8-dbg", reference:"2.8.7.1-1.1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"python-wxtools", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"python-wxversion", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"wx-common", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"wx2.6-doc", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"wx2.6-examples", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"wx2.6-headers", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"wx2.6-i18n", reference:"2.6.3.2.2-3+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"wx2.8-doc", reference:"2.8.7.1-1.1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"wx2.8-examples", reference:"2.8.7.1-1.1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"wx2.8-headers", reference:"2.8.7.1-1.1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"wx2.8-i18n", reference:"2.8.7.1-1.1+lenny1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2009-7780.NASL description added fix for CVE-2009-2369 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40346 published 2009-07-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40346 title Fedora 11 : wxGTK-2.8.10-2.fc11 (2009-7780) NASL family Fedora Local Security Checks NASL id FEDORA_2009-7794.NASL description The remote Fedora host is missing one or more security updates : moin-1.8.4-2.fc11 : This update removes the filemanager directory from the embedded FCKeditor, it contains code with know security vulnerabilities, even though that code couldn last seen 2020-06-01 modified 2020-06-02 plugin id 39866 published 2009-07-20 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39866 title Fedora 10 : wxGTK-2.8.10-2.fc10 / Fedora 11 : moin-1.8.4-2.fc11 (2009-7794) NASL family Fedora Local Security Checks NASL id FEDORA_2009-7763.NASL description The remote Fedora host is missing one or more security updates : compat-wxGTK26-2.6.4-10.fc10 : Added rediffed fix for CVE-2009-2369 as found in wxGTK 2.8.10 mingw32-libtiff-3.8.2-17.fc11 : - update upstream URL - Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39863 published 2009-07-20 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39863 title Fedora 10 : compat-wxGTK26-2.6.4-10.fc10 / Fedora 11 : mingw32-libtiff-3.8.2-17.fc11 (2009-7763) NASL family Fedora Local Security Checks NASL id FEDORA_2009-7755.NASL description Added rediffed fix for CVE-2009-2369 as found in wxGTK 2.8.10 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39861 published 2009-07-20 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39861 title Fedora 11 : compat-wxGTK26-2.6.4-10.fc11 (2009-7755) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201009-01.NASL description The remote host is affected by the vulnerability described in GLSA-201009-01 (wxGTK: User-assisted execution of arbitrary code) wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Impact : A remote attacker might entice a user to open a specially crafted JPEG file using a program that uses wxGTK, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 49098 published 2010-09-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49098 title GLSA-201009-01 : wxGTK: User-assisted execution of arbitrary code NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-204.NASL description A vulnerability has been found and corrected in wxgtk : Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third-party information (CVE-2009-2369). This update provides a solution to this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 40636 published 2009-08-20 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40636 title Mandriva Linux Security Advisory : wxgtk (MDVSA-2009:204)
References
- http://osvdb.org/55520
- http://secunia.com/advisories/35351
- http://secunia.com/advisories/35913
- http://www.securityfocus.com/bid/35552
- http://www.vupen.com/english/advisories/2009/1770
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51516
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00693.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00712.html