VYPR
Unrated severityNVD Advisory· Published Jun 16, 2009· Updated Jun 16, 2026

CVE-2009-1391

CVE-2009-1391

Description

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

14
  • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:*:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:*:*:*:*:*:*:*:*range: <=2.015
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.001:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.002:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.003:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.004:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.005:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.006:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.008:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.009:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.010:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.011:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.012:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.014:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.