Vulnerabilities > CVE-2009-2369 - Numeric Errors vulnerability in Wxwidgets 2.8.10

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
wxwidgets
CWE-189
nessus
NVD
Published: 2009-07-08
Updated: 2017-08-17

Summary

Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part Description Count
Application
Wxwidgets
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1890.NASL
    descriptionTielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file.
    last seen2020-06-01
    modified2020-06-02
    plugin id44755
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44755
    titleDebian DSA-1890-1 : wxwindows2.4 wxwidgets2.6 wxwidgets2.8 - integer overflow
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1890. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(44755);
  script_version("1.9");
  script_cvs_date("Date: 2019/08/02 13:32:22");

  script_cve_id("CVE-2009-2369");
  script_bugtraq_id(35552);
  script_xref(name:"DSA", value:"1890");

  script_name(english:"Debian DSA-1890-1 : wxwindows2.4 wxwidgets2.6 wxwidgets2.8 - integer overflow");
  script_summary(english:"Checks dpkg output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Tielei Wang has discovered an integer overflow in wxWidgets, the
wxWidgets Cross-platform C++ GUI toolkit, which allows the execution
of arbitrary code via a crafted JPEG file."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2009/dsa-1890"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the wxwidgets packages.

For the oldstable distribution (etch), this problem has been fixed in
version 2.4.5.1.1+etch1 for wxwindows2.4 and version 2.6.3.2.1.5+etch1
for wxwidgets2.6.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.3.2.2-3+lenny1 for wxwidgets2.6 and version
2.8.7.1-1.1+lenny1 for wxwidgets2.8."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wxwidgets2.6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wxwidgets2.8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wxwindows2.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"4.0", prefix:"libwxbase2.4-1", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxbase2.4-dbg", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxbase2.4-dev", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxbase2.6-0", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxbase2.6-dbg", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxbase2.6-dev", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxgtk2.4-1", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxgtk2.4-1-contrib", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxgtk2.4-contrib-dev", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxgtk2.4-dbg", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxgtk2.4-dev", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxgtk2.6-0", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxgtk2.6-dbg", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libwxgtk2.6-dev", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"python-wxgtk2.4", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"python-wxgtk2.6", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"python-wxtools", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"python-wxversion", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"wx-common", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"wx2.4-doc", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"wx2.4-examples", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"wx2.4-headers", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"wx2.4-i18n", reference:"2.4.5.1.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"wx2.6-doc", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"wx2.6-examples", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"wx2.6-headers", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"wx2.6-i18n", reference:"2.6.3.2.1.5+etch1")) flag++;
if (deb_check(release:"5.0", prefix:"libwxbase2.6-0", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libwxbase2.6-dbg", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libwxbase2.6-dev", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libwxbase2.8-0", reference:"2.8.7.1-1.1+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libwxbase2.8-dbg", reference:"2.8.7.1-1.1+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libwxbase2.8-dev", reference:"2.8.7.1-1.1+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libwxgtk2.6-0", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libwxgtk2.6-dbg", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libwxgtk2.6-dev", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libwxgtk2.8-0", reference:"2.8.7.1-1.1+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libwxgtk2.8-dbg", reference:"2.8.7.1-1.1+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libwxgtk2.8-dev", reference:"2.8.7.1-1.1+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"python-wxgtk2.6", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"python-wxgtk2.6-dbg", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"python-wxgtk2.8", reference:"2.8.7.1-1.1+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"python-wxgtk2.8-dbg", reference:"2.8.7.1-1.1+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"python-wxtools", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"python-wxversion", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"wx-common", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"wx2.6-doc", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"wx2.6-examples", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"wx2.6-headers", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"wx2.6-i18n", reference:"2.6.3.2.2-3+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"wx2.8-doc", reference:"2.8.7.1-1.1+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"wx2.8-examples", reference:"2.8.7.1-1.1+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"wx2.8-headers", reference:"2.8.7.1-1.1+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"wx2.8-i18n", reference:"2.8.7.1-1.1+lenny1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-7780.NASL
    descriptionadded fix for CVE-2009-2369 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40346
    published2009-07-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40346
    titleFedora 11 : wxGTK-2.8.10-2.fc11 (2009-7780)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-7794.NASL
    descriptionThe remote Fedora host is missing one or more security updates : moin-1.8.4-2.fc11 : This update removes the filemanager directory from the embedded FCKeditor, it contains code with know security vulnerabilities, even though that code couldn
    last seen2020-06-01
    modified2020-06-02
    plugin id39866
    published2009-07-20
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39866
    titleFedora 10 : wxGTK-2.8.10-2.fc10 / Fedora 11 : moin-1.8.4-2.fc11 (2009-7794)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-7763.NASL
    descriptionThe remote Fedora host is missing one or more security updates : compat-wxGTK26-2.6.4-10.fc10 : Added rediffed fix for CVE-2009-2369 as found in wxGTK 2.8.10 mingw32-libtiff-3.8.2-17.fc11 : - update upstream URL - Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id39863
    published2009-07-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39863
    titleFedora 10 : compat-wxGTK26-2.6.4-10.fc10 / Fedora 11 : mingw32-libtiff-3.8.2-17.fc11 (2009-7763)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-7755.NASL
    descriptionAdded rediffed fix for CVE-2009-2369 as found in wxGTK 2.8.10 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id39861
    published2009-07-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39861
    titleFedora 11 : compat-wxGTK26-2.6.4-10.fc11 (2009-7755)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201009-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201009-01 (wxGTK: User-assisted execution of arbitrary code) wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Impact : A remote attacker might entice a user to open a specially crafted JPEG file using a program that uses wxGTK, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id49098
    published2010-09-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49098
    titleGLSA-201009-01 : wxGTK: User-assisted execution of arbitrary code
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-204.NASL
    descriptionA vulnerability has been found and corrected in wxgtk : Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third-party information (CVE-2009-2369). This update provides a solution to this vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id40636
    published2009-08-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40636
    titleMandriva Linux Security Advisory : wxgtk (MDVSA-2009:204)

References