CVE-2009-4014

critical

Description

Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.

References

http://www.ubuntu.com/usn/USN-891-1

http://www.securityfocus.com/bid/37975

http://www.debian.org/security/2010/dsa-1979

http://secunia.com/advisories/38379

http://secunia.com/advisories/38375

http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html

http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog

http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d

http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00

Details

Source: Mitre, NVD

Published: 2010-02-02

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02035