Search for vulnerabilities
Vulnerability details: VCID-99ws-1hqr-aaan
Vulnerability ID VCID-99ws-1hqr-aaan
Aliases CVE-2009-1515
Summary Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122 Heap-based Buffer Overflow
System Score Found at
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.04179 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.06623 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.09849 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.09849 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.09849 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.09849 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.12201 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.12201 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.12201 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.12201 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.12201 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.12201 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.12201 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.12201 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.12201 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.12201 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.12201 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
epss 0.12201 https://api.first.org/data/v1/epss?cve=CVE-2009-1515
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=497913
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2009-1515
Reference id Reference type URL
ftp://ftp.astron.com/pub/file/file-5.01.tar.gz
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820
http://mx.gw.com/pipermail/file/2009/000379.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1515.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1515
http://secunia.com/advisories/34881
http://www.mandriva.com/security/advisories?name=MDVSA-2009:129
http://www.osvdb.org/54100
http://www.securityfocus.com/bid/34745
497913 https://bugzilla.redhat.com/show_bug.cgi?id=497913
cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*
CVE-2009-1515 https://nvd.nist.gov/vuln/detail/CVE-2009-1515
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-1515
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.87653
EPSS Score 0.04179
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.