CVE-2009-2688

Name of the Vulnerable Software and Affected Versions XEmacs version 21.4.22

Description The issue is related to multiple integer overflows in the glyphs-eimage.c file of XEmacs, specifically when running on Windows. These overflows can be triggered by processing crafted image files, including TIFF, PNG, and JPEG files, through the tiff instantiate, png instantiate, and jpeg instantiate functions, respectively. This can lead to a denial of service (crash) or potentially allow remote attackers to execute arbitrary code due to a heap-based buffer overflow.

Recommendations For XEmacs version 21.4.22, consider avoiding the use of the tiff instantiate, png instantiate, and jpeg instantiate functions until a patch is available, or restrict the processing of TIFF, PNG, and JPEG files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.