CVE-2009-1511

Windows XP SP3 - Denial of Service via PNG btChunkLen Value

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1511. PoCs published by Code Audit Labs.

AI-analyzed exploit summary This Perl script generates a malformed PNG file that triggers an infinite loop in Microsoft GDI+ due to a crafted chunk length (0xfffffff4), causing a denial-of-service (DoS) condition with 100% CPU usage.

Description

GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (infinite loop) via a PNG file that contains a certain large btChunkLen value.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Code Audit Labs · perldoswindows
https://www.exploit-db.com/exploits/8466

This Perl script generates a malformed PNG file that triggers an infinite loop in Microsoft GDI+ due to a crafted chunk length (0xfffffff4), causing a denial-of-service (DoS) condition with 100% CPU usage.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft GDI+ (tested on Windows XP SP3)
No auth needed
Prerequisites: None
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34586
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8466

Scores

EPSS 0.1421
EPSS Percentile 96.1%

Details

CWE
CWE-399
Status published
Products (1)
microsoft/windows_xp
Published May 01, 2009
Tracked Since Feb 18, 2026