PT-2009-6716 · Wxwidgets+2
Published: 1970-01-01 · Updated: 2017-08-17
CVE-2009-2369
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
wx2.6-doc versions prior to the fixed version
wx2.4-i18n versions prior to the fixed version
wxGTK versions prior to 2.8.10.1-r1
wx2.6-i18n versions prior to the fixed version
libwxbase2.8-dbg versions prior to the fixed version
wx2.4-examples versions prior to the fixed version
libwxgtk2.8-0 versions prior to the fixed version
libwxbase2.4-dbg versions prior to the fixed version
wx2.6-headers versions prior to the fixed version
libwxgtk2.6-dev versions prior to the fixed version
wx2.8-doc versions prior to the fixed version
wx2.4-headers versions prior to the fixed version
wx2.4-doc versions prior to the fixed version
wx2.6-examples versions prior to the fixed version
libwxbase2.6-dev versions prior to the fixed version
wx-common versions prior to the fixed version
libwxbase2.8-0 versions prior to the fixed version
libwxgtk2.8-dbg versions prior to the fixed version
libwxbase2.4-1 versions prior to the fixed version
libwxgtk2.6-0 versions prior to the fixed version
libwxbase2.6-dbg versions prior to the fixed version
libwxgtk2.8-dev versions prior to the fixed version
libwxgtk2.6-dbg versions prior to the fixed version
libwxgtk2.4-dbg versions prior to the fixed version
libwxgtk2.4-dev versions prior to the fixed version
libwxgtk2.4-1 versions prior to the fixed version
wx2.8-examples versions prior to the fixed version
libwxgtk2.4-1-contrib versions prior to the fixed version
libwxbase2.8-dev versions prior to the fixed version
libwxbase2.4-dev versions prior to the fixed version
libwxbase2.6-0 versions prior to the fixed version
wx2.8-i18n versions prior to the fixed version
wx2.8-headers versions prior to the fixed version
libwxgtk2.4-contrib-dev versions prior to the fixed version
Description
The issue is related to multiple vulnerabilities in various wxWidgets packages in Debian GNU/Linux and Gentoo Linux. These vulnerabilities can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely. In the case of wxWidgets 2.8.10, an integer overflow in the wxImage::Create function allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow.
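An added example (not taken from this advisory or from the wxWidgets source) of the bug class the description names: a buffer size product that wraps before it reaches the allocator, beside a checked form that rejects it. The three-bytes-per-pixel layout, the function names, the limit parameter and the sample dimensions are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked pattern (assumed layout: 3 bytes per pixel). The product is
 * computed in 32-bit arithmetic and wraps modulo 2^32, so the allocation
 * can be far smaller than the pixel data later written into it. */
static uint32_t rgb_size_unchecked(uint32_t width, uint32_t height)
{
    return width * height * 3u;
}

/* Checked form: reject non-positive dimensions and any size above `limit`.
 * Each bound is tested by division before multiplying, so no intermediate
 * value can wrap. Returns true and stores the size in *out on success. */
static bool rgb_size_checked(int width, int height, size_t limit, size_t *out)
{
    if (width <= 0 || height <= 0)
        return false;
    size_t w = (size_t)width, h = (size_t)height;
    if (w > limit / 3)           /* w * 3 would exceed limit */
        return false;
    if (h > limit / (w * 3))     /* w * 3 * h would exceed limit */
        return false;
    *out = w * 3 * h;
    return true;
}

int main(void)
{
    /* Constructed dimensions: 32768 * 43691 * 3 = 2^32 + 32768. */
    uint32_t w = 32768u, h = 43691u;
    size_t need = 0;
    printf("unchecked: %u bytes\n", (unsigned)rgb_size_unchecked(w, h));
    if (!rgb_size_checked((int)w, (int)h, UINT32_MAX, &need))
        puts("checked: rejected, size exceeds limit");
    if (rgb_size_checked(640, 480, UINT32_MAX, &need))
        printf("checked: 640x480 needs %zu bytes\n", need);
    return 0;
}
```

An image loader should run a check of this kind on the dimensions read from the file header before allocating, and fail the decode when it returns false.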
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Debian
Gentoo Linux
Wxwidgets