DEBIAN-CVE-2009-0689

Advisory lineage Upstream: 1 Downstream: 4

Upstream

CVE-2009-0689

Downstream

DLA-1564-1 DLA-376-1 DSA-1931-1 DSA-1998-1

Published: 01 Jul 2009, 13:00

Last modified:28 Apr 2026, 20:11

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Jul 2009, 13:00

Published

Vulnerability first disclosed

28 Apr 2026, 20:11

Last Modified

Vulnerability information updated

Description

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

Affected Systems

debian•mono
< 4.2.1.102+dfsg2-4 | < 4.2.1.102+dfsg2-4 | < 4.2.1.102+dfsg2-4 | < 4.2.1.102+dfsg2-4
debian•nspr
< 4.8-2 | < 4.8-2 | < 4.8-2 | < 4.8-2

References (1)

https://security-tracker.debian.org/tracker/CVE-2009-0689