VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 16, 2009· Updated Apr 23, 2026

CVE-2009-1391

CVE-2009-1391

Description

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

Affected products

13
  • Paul Marquess/Compress Raw Zlib Perl Module13 versions
    cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:*:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:*:*:*:*:*:*:*:*range: <=2.015
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.001:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.002:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.003:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.004:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.005:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.006:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.008:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.009:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.010:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.011:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.012:*:*:*:*:*:*:*
    • cpe:2.3:a:paul_marquess:compress-raw-zlib_perl_module:2.014:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

18

News mentions

0

No linked articles in our index yet.