cpe:/a:henning_makholm:xcftools:1.0.4 CVE-2009-2175 2009-06-23T17:30:00.343-04:00 2011-01-04T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-06-24T10:04:00.000-04:00 SECUNIA 35397 BID 43883 OSVDB 55187 VUPEN ADV-2009-1638 FEDORA FEDORA-2010-17004 FEDORA FEDORA-2010-17035 FEDORA FEDORA-2010-17041 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533361 Stack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2) xcf2png utilities, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image that causes a conversion to a location "above or to the left of the canvas." NOTE: some of these details are obtained from third party information.