VYPR
Unrated severityNVD Advisory· Published Apr 1, 2009· Updated Jun 16, 2026

CVE-2009-1217

CVE-2009-1217

Description

Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Microsoft/Gdi\+2 versions
    cpe:2.3:a:microsoft:gdi\+:-:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:gdi\+:-:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.