Lucene search

[email protected]CVE-2008-1670

HistoryApr 28, 2008 - 5:05 p.m.

CVE-2008-1670

2008-04-2817:05:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1670

buffer overflow

png

khtml

kde

denial of service

remote attack

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.039 Low

EPSS

Percentile

92.0%

JSON

Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.

Affected configurations

NVD

Node

kdekdeMatch4.0.0

kdekdeMatch4.0.1

kdekdeMatch4.0.2

kdekdeMatch4.0.3

CPENameOperatorVersion
kde:kdekdeeq4.0.0
kde:kdekdeeq4.0.1
kde:kdekdeeq4.0.2
kde:kdekdeeq4.0.3

CPE	Name	Operator	Version
kde:kde	kde	eq	4.0.0
kde:kde	kde	eq	4.0.1
kde:kde	kde	eq	4.0.2
kde:kde	kde	eq	4.0.3

References

lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html

secunia.com/advisories/29980

www.kde.org/info/security/advisory-20080426-1.txt

www.securityfocus.com/bid/28937

www.securitytracker.com/id?1019929

www.vupen.com/english/advisories/2008/1371/references

exchange.xforce.ibmcloud.com/vulnerabilities/42038

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.039 Low

EPSS

Percentile

92.0%

JSON

Related for CVE-2008-1670

nessus3 openvas24 fedora12 ubuntucve1 nvd1 seebug1 cvelist1 debiancve1 prion1