VYPR
Unrated severityNVD Advisory· Published Aug 5, 2009· Updated Jun 16, 2026

CVE-2009-2688

CVE-2009-2688

Description

Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Xemacs/Xemacs2 versions
    cpe:2.3:a:xemacs:xemacs:21.4.22:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:xemacs:xemacs:21.4.22:*:*:*:*:*:*:*
    • (no CPE)range: =21.4.22

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.