Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0757 to the following vulnerability:

Name: CVE-2009-0757
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0757
Assigned: 20090303
Reference: MLIST:[oss-security] 20090302 CVE Request: mpfr (Buffer Overflow)
Reference: URL: http://www.openwall.com/lists/oss-security/2009/03/02/4
Reference: CONFIRM: http://mpfr.loria.fr/mpfr-2.4.1/

Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions.

Created mpfr tracking bugs for this issue

CVE-2009-0757 Affects: F10 [bug #488311]
CVE-2009-0757 Affects: F9 [bug #488312]

This does _NOT_ affect Fedora 10 or 9 because the functions in question were introduced in version 2.4.0 and do not exist in the currently shipped 2.3.1 packages.

http://mpfr.loria.fr/mpfr-2.4.0/index.html#changes