CVE-2009-2905

Name of the Vulnerable Software and Affected Versions newt versions 0.51.5 through 0.52.2 newt-devel versions 0.51.5 through 0.52.2 libnewt0 versions prior to 0.52.10-r1 libnewt-dev versions prior to 0.52.10-r1 libnewt-pic versions prior to 0.52.10-r1

Description The issue is related to a heap-based buffer overflow in the textbox.c file of the newt package, which can be exploited locally to cause a denial of service or possibly execute arbitrary code via a crafted text dialog box request. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out by a local attacker.

Recommendations For newt versions 0.51.5 through 0.52.2, update to version 0.52.10-r1 or later. For newt-devel versions 0.51.5 through 0.52.2, update to version 0.52.10-r1 or later. For libnewt0, libnewt-dev, and libnewt-pic versions prior to 0.52.10-r1, update to version 0.52.10-r1 or later. As a temporary workaround, consider restricting access to the vulnerable newt package until a patch is available.