CVE-2008-0064

Published Jan 31, 2008

Last updated 14 years ago

Overview

Description: Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.
Source: PSIRT-CNA@flexerasoftware.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pierreegougelet:gfl_sdk:2.870:*:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC17F42E-AA60-46F4-AFFC-FB43568D6D68"
          },
          {
            "criteria": "cpe:2.3:a:pierreegougelet:nconvert:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3398E9EC-B365-4472-9318-7CA9FF082541",
            "versionEndIncluding": "4.85"
          },
          {
            "criteria": "cpe:2.3:a:pierreegougelet:xnview:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B60BA9B5-694F-4F19-8FD6-53F0CDE8DEBD",
            "versionEndIncluding": "1.91"
          },
          {
            "criteria": "cpe:2.3:a:pierreegougelet:xnview:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFCE1571-F735-478D-860A-21A607112A50",
            "versionEndIncluding": "1.92"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References