CVE-2009-0757

Name of the Vulnerable Software and Affected Versions GNU MPFR version 2.4.0 GNU MPFR versions prior to 2.4.1

Description The issue concerns buffer overflows in the mpfr snprintf and mpfr vsnprintf functions, which can be exploited by context-dependent attackers to cause a denial of service, resulting in a crash. The vulnerability can also lead to violations of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely.

Recommendations For GNU MPFR version 2.4.0, update to version 2.4.1 or later to resolve the issue. For GNU MPFR versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of the mpfr snprintf and mpfr vsnprintf functions until a patch is available.