CVE-2009-3050

Name: CVE-2009-3050
Creator: NVD / NIST
Published: 2009-09-02T17:30:01.313+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.38%

Last modified Jun 16, 2026

CVE-2009-3050 is a vulnerability of currently unknown severity. Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries.. EPSS estimates a 4.38% chance of exploitation in the next 30 days.

Description

Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries.

Metrics

EPSS Probability

4.38%

90.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Htmldoc	Htmldoc	<= 1.8.27
Htmldoc	Htmldoc	1.8.24
Htmldoc	Htmldoc	1.8.25
Htmldoc	Htmldoc	1.8.26

References

Timeline

Published: Sep 2, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-3050?

How severe is CVE-2009-3050?

Severity scoring for CVE-2009-3050 is pending analysis. The EPSS model estimates a 4.38% probability of exploitation in the next 30 days.

How do I fix CVE-2009-3050?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-3050?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST