Lucene search

FlexeraCVE-2008-0064

HistoryJan 31, 2008 - 8:00 p.m.

CVE-2008-0064

2008-01-3120:00:00

CWE-119

flexera

web.nvd.nist.gov

cve-2008-0064

buffer overflow

xnview

nconvert

gfl sdk 2.870

windows

remote code execution

radiance rgbe

hdr file

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.086

Percentile

94.6%

JSON

Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.

Affected configurations

Nvd

Node

pierreegougeletgfl_sdkMatch2.870windows

pierreegougeletnconvertRange≤4.85

pierreegougeletxnviewRange≤1.91

pierreegougeletxnviewRange≤1.92

VendorProductVersionCPE
pierreegougeletgfl_sdk2.870cpe:2.3:a:pierreegougelet:gfl_sdk:2.870:*:windows:*:*:*:*:*
pierreegougeletnconvert*cpe:2.3:a:pierreegougelet:nconvert:*:*:*:*:*:*:*:*
pierreegougeletxnview*cpe:2.3:a:pierreegougelet:xnview:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pierreegougelet	gfl_sdk	2.870	cpe:2.3:a:pierreegougelet:gfl_sdk:2.870::windows:::::
pierreegougelet	nconvert	*	cpe:2.3:a:pierreegougelet:nconvert::::::::
pierreegougelet	xnview	*	cpe:2.3:a:pierreegougelet:xnview::::::::

References

secunia.com/advisories/28326

secunia.com/advisories/28710

secunia.com/secunia_research/2008-1/advisory

www.securityfocus.com/bid/27514

www.vupen.com/english/advisories/2008/0328

www.vupen.com/english/advisories/2008/0329

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.086

Percentile

94.6%

JSON

Related for CVE-2008-0064