Unrated severityNVD Advisory· Published Jul 1, 2009· Updated Apr 23, 2026

CVE-2009-2286

Description

Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that used a certain patch.

Affected products

James Ashton/Compface4 versions
cpe:2.3:a:james_ashton:compface:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:james_ashton:compface:*:*:*:*:*:*:*:*range: <=1.5.2
- cpe:2.3:a:james_ashton:compface:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:james_ashton:compface:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:james_ashton:compface:1.5.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.debian.org/cgi-bin/bugreport.cginvd
www.openwall.com/lists/oss-security/2009/06/29/2nvd
www.openwall.com/lists/oss-security/2009/06/29/4nvd
www.openwall.com/lists/oss-security/2009/07/03/1nvd
www.securityfocus.com/bid/35863nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000