Security Vulnerabilities, CVEs, Published In March 2009 (Overflow)
Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
1.27%
Published
2009-03-31
Updated
2021-06-07
mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.
Max CVSS
10.0
EPSS Score
1.65%
Published
2009-03-31
Updated
2021-06-07
Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.
Max CVSS
7.5
EPSS Score
66.77%
Published
2009-03-25
Updated
2018-10-10
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.
Max CVSS
9.3
EPSS Score
29.08%
Published
2009-03-25
Updated
2018-10-10
Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.
Max CVSS
9.3
EPSS Score
20.20%
Published
2009-03-25
Updated
2018-10-10
Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
Max CVSS
10.0
EPSS Score
42.15%
Published
2009-03-25
Updated
2018-10-10
Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
Max CVSS
10.0
EPSS Score
84.54%
Published
2009-03-25
Updated
2018-10-10
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.
Max CVSS
6.4
EPSS Score
11.17%
Published
2009-03-25
Updated
2009-05-15
Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file.
Max CVSS
9.3
EPSS Score
9.31%
Published
2009-03-26
Updated
2017-10-04
Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.
Max CVSS
9.3
EPSS Score
12.14%
Published
2009-03-26
Updated
2018-10-10
Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file.
Max CVSS
6.8
EPSS Score
13.34%
Published
2009-03-26
Updated
2017-09-29
Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
Max CVSS
9.3
EPSS Score
2.27%
Published
2009-03-24
Updated
2017-09-29
Stack-based buffer overflow in ZipGenius might allow remote attackers to execute arbitrary code via a crafted .zip file that triggers an SEH overwrite. NOTE: it is possible that this overlaps CVE-2005-3317. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
Max CVSS
10.0
EPSS Score
4.13%
Published
2009-03-24
Updated
2017-09-29
MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
Max CVSS
10.0
EPSS Score
3.54%
Published
2009-03-24
Updated
2017-09-29
The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-03-26
Updated
2017-09-29
Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file.
Max CVSS
9.3
EPSS Score
10.95%
Published
2009-03-20
Updated
2017-09-29
Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbitrary code via a crafted Info header in an Ogg Vorbis (.ogg) file.
Max CVSS
7.5
EPSS Score
18.47%
Published
2009-03-20
Updated
2018-10-10
CVE-2009-1029
Public exploit
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.
Max CVSS
9.3
EPSS Score
1.55%
Published
2009-03-20
Updated
2018-10-10
CVE-2009-1028
Public exploit
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.
Max CVSS
9.3
EPSS Score
73.34%
Published
2009-03-20
Updated
2017-09-29
Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a subtitle (.srt) file.
Max CVSS
9.3
EPSS Score
7.68%
Published
2009-03-20
Updated
2018-10-10
Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.
Max CVSS
10.0
EPSS Score
56.10%
Published
2009-03-25
Updated
2018-10-30
CVE-2009-0927
Known exploited
Public exploit
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
Max CVSS
9.3
EPSS Score
97.46%
Published
2009-03-19
Updated
2018-11-08
CISA KEV Added
2022-03-25
Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long OvAcceptLang cookie, which triggers the error in ov.dll and ovwww.dll, or (2) a long Accept-Language HTTP header, which triggers the error in ovwww.dll or libovwww.so.4.
Max CVSS
10.0
EPSS Score
5.63%
Published
2009-03-25
Updated
2018-10-10
CVE-2009-0920
Public exploit
Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.
Max CVSS
7.5
EPSS Score
74.94%
Published
2009-03-25
Updated
2018-10-10
Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file.
Max CVSS
9.3
EPSS Score
16.44%
Published
2009-03-12
Updated
2017-09-29