Launchpad.net

CVE 2009-4012

Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to (1) thbrk/thbrk.c and (2) thwbrk/thwbrk.c. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2009-4012 (Candidate) is related to these bugs:

Bug #507939: CVE-2009-4012: arbitrary code execution

		In	Importance	Status
507939	CVE-2009-4012: arbitrary code execution	libthai (Ubuntu)	Medium	Fix Released
507939	CVE-2009-4012: arbitrary code execution	libthai (Ubuntu Hardy)	Medium	Fix Released
507939	CVE-2009-4012: arbitrary code execution	libthai (Ubuntu Intrepid)	Medium	Fix Released
507939	CVE-2009-4012: arbitrary code execution	libthai (Ubuntu Lucid)	Medium	Fix Released
507939	CVE-2009-4012: arbitrary code execution	libthai (Ubuntu Karmic)	Medium	Fix Released
507939	CVE-2009-4012: arbitrary code execution	libthai (Ubuntu Jaunty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://linux.thai.net/...
CONFIRM: http://linux.thai.net/...
CONFIRM: http://security.debian...
CONFIRM: http://security.debian...
DEBIAN: DSA-1971
BID: 37822
SECUNIA: 38196
SECUNIA: 38213
SUSE: SUSE-SR:2010:002
SECUNIA: 38420
UBUNTU: USN-887-1
SECUNIA: 38235