CVE-2009-2286

compface < 1.5.2 - Buffer Overflow via Long Declaration in .xbm File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-2286. PoCs published by His0k4, metalhoney.

AI-analyzed exploit summary This exploit targets a local buffer overflow in compface 1.1.5 by crafting a malicious .xbm file. It uses a setuid/execve shellcode to achieve remote code execution when the file is processed by the vulnerable software.

Description

Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that used a certain patch.

Exploits (2)

exploitdb WORKING POC VERIFIED
by His0k4 · pythonlocallinux
https://www.exploit-db.com/exploits/9302

This exploit targets a local buffer overflow in compface 1.1.5 by crafting a malicious .xbm file. It uses a setuid/execve shellcode to achieve remote code execution when the file is processed by the vulnerable software.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: compface 1.1.5
No auth needed
Prerequisites: Vulnerable version of compface installed · Ability to deliver the malicious .xbm file to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by metalhoney · pythondoslinux
https://www.exploit-db.com/exploits/8982

This exploit generates a malformed XBM file with a buffer overflow payload to trigger a vulnerability in compface <= 1.5.2. The PoC creates an oversized buffer (184 'A' characters) to demonstrate the overflow condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: compface <= 1.5.2
No auth needed
Prerequisites: compface installed on Debian/Ubuntu
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534973
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/07/03/1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/06/29/2
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/06/29/4
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35863

Scores

EPSS 0.0308
EPSS Percentile 86.0%

Details

CWE
CWE-119
Status published
Products (4)
james_ashton/compface 1.4
james_ashton/compface 1.5
james_ashton/compface 1.5.1
james_ashton/compface < 1.5.2
Published Jul 01, 2009
Tracked Since Feb 18, 2026