PT-2008-1722 · Xnsoft+2 · Xnview+2
Publicado
2008-01-31
·
Atualizado
2011-03-08
·
CVE-2008-0064
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
XnView versions 1.91 through 1.92
NConvert version 4.85
GFL SDK version 2.870 for Windows
Description
The issue is a stack-based buffer overflow that allows user-assisted remote attackers to execute arbitrary code. This can be achieved via a crafted Radiance RGBE (.hdr) file.
Recommendations
For XnView versions 1.91 and 1.92, update to a version that is not affected by this issue.
For NConvert version 4.85, update to a version that is not affected by this issue.
For GFL SDK version 2.870 for Windows, update to a version that is not affected by this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gfl Sdk
Nconvert
Xnview