Security Vulnerabilities, CVEs, Published In July 2009 (Overflow)
CVE-2009-2650
Public exploit
Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file.
Max CVSS
9.3
EPSS Score
96.45%
Published
2009-07-30
Updated
2017-09-19
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.
Max CVSS
5.0
EPSS Score
9.52%
Published
2009-07-28
Updated
2009-08-12
Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file.
Max CVSS
9.3
EPSS Score
2.29%
Published
2009-07-27
Updated
2009-07-27
Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privileges via a crafted count argument, which triggers a stack-based buffer overflow.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-07-23
Updated
2018-11-16
Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892.
Max CVSS
9.3
EPSS Score
0.63%
Published
2009-07-23
Updated
2018-10-10
Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
Max CVSS
5.0
EPSS Score
0.18%
Published
2009-07-22
Updated
2018-10-10
Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX control in WinFax\DCCFAXVW.DLL in Symantec WinFax Pro 10.03 allows remote attackers to execute arbitrary code via a long argument to the AppendFax method.
Max CVSS
9.3
EPSS Score
91.74%
Published
2009-07-22
Updated
2018-10-12
Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
Max CVSS
9.3
EPSS Score
7.84%
Published
2009-07-22
Updated
2017-09-19
CVE-2009-2566
Public exploit
Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30, allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
Max CVSS
9.3
EPSS Score
50.85%
Published
2009-07-21
Updated
2017-09-19
Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information.
Max CVSS
5.0
EPSS Score
0.30%
Published
2009-07-21
Updated
2017-09-19
Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation.
Max CVSS
9.3
EPSS Score
0.26%
Published
2009-07-21
Updated
2017-08-17
Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.
Max CVSS
9.3
EPSS Score
8.60%
Published
2009-07-21
Updated
2017-08-17
Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .hpl playlist file.
Max CVSS
9.3
EPSS Score
4.71%
Published
2009-07-20
Updated
2024-02-14
Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service via a join packet with a final field whose value is (1) 0, which triggers a server crash related to memory allocation, or (2) 1, which triggers CPU/memory consumption and a NULL pointer dereference.
Max CVSS
5.0
EPSS Score
0.17%
Published
2009-07-20
Updated
2009-07-21
Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message.
Max CVSS
10.0
EPSS Score
0.63%
Published
2009-07-20
Updated
2009-07-21
CVE-2009-2485
Public exploit
Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file.
Max CVSS
9.3
EPSS Score
95.40%
Published
2009-07-16
Updated
2017-09-19
CVE-2009-2484
Public exploit
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
Max CVSS
9.3
EPSS Score
96.50%
Published
2009-07-16
Updated
2017-09-19
Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.
Max CVSS
7.8
EPSS Score
6.23%
Published
2009-07-16
Updated
2018-10-10
Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194.
Max CVSS
10.0
EPSS Score
8.05%
Published
2009-07-22
Updated
2009-09-16
Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
0.95%
Published
2009-07-14
Updated
2018-10-10
The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-07-13
Updated
2017-09-19
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Max CVSS
8.5
EPSS Score
6.78%
Published
2009-07-13
Updated
2019-12-17
Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-07-13
Updated
2017-08-17
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
Max CVSS
4.3
EPSS Score
1.36%
Published
2009-07-10
Updated
2021-07-23
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet.
Max CVSS
6.9
EPSS Score
0.04%
Published
2009-07-31
Updated
2023-02-13