Vulnerability Description
Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pierreegougelet | Gfl Sdk | 2.870 |
| Pierreegougelet | Nconvert | <= 4.85 |
| Pierreegougelet | Xnview | <= 1.91 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28326PatchVendor Advisory
- http://secunia.com/advisories/28710Vendor Advisory
- http://secunia.com/secunia_research/2008-1/advisoryVendor Advisory
- http://www.securityfocus.com/bid/27514
- http://www.vupen.com/english/advisories/2008/0328
- http://www.vupen.com/english/advisories/2008/0329
- http://secunia.com/advisories/28326PatchVendor Advisory
- http://secunia.com/advisories/28710Vendor Advisory
- http://secunia.com/secunia_research/2008-1/advisoryVendor Advisory
- http://www.securityfocus.com/bid/27514
- http://www.vupen.com/english/advisories/2008/0328
- http://www.vupen.com/english/advisories/2008/0329
FAQ
What is CVE-2008-0064?
CVE-2008-0064 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute...
How severe is CVE-2008-0064?
CVE-2008-0064 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0064?
Check the references section above for vendor advisories and patch information. Affected products include: Pierreegougelet Gfl Sdk, Pierreegougelet Nconvert, Pierreegougelet Xnview.