CVE-2008-2427

Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pagesperso-orange:gfl_sdk:2.82:*:*:*:*:*:*:*
cpe:2.3:a:pagesperso-orange:nconvert:4.92:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*
cpe:2.3:a:pagesperso-orange:xnview:1.93.6:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:*:*:*:*:*:*:*:*
cpe:2.3:a:pagesperso-orange:xnview:1.70:*:*:*:*:*:*:*

History

21 Nov 2024, 00:46

Type Values Removed Values Added
References () http://secunia.com/advisories/30416 - Vendor Advisory () http://secunia.com/advisories/30416 - Vendor Advisory
References () http://secunia.com/advisories/30789 - Vendor Advisory () http://secunia.com/advisories/30789 - Vendor Advisory
References () http://secunia.com/secunia_research/2008-24/advisory/ - Vendor Advisory () http://secunia.com/secunia_research/2008-24/advisory/ - Vendor Advisory
References () http://securityreason.com/securityalert/3956 - () http://securityreason.com/securityalert/3956 -
References () http://securitytracker.com/id?1020340 - () http://securitytracker.com/id?1020340 -
References () http://www.securityfocus.com/archive/1/493505/100/0/threaded - () http://www.securityfocus.com/archive/1/493505/100/0/threaded -
References () http://www.securityfocus.com/bid/29851 - () http://www.securityfocus.com/bid/29851 -
References () http://www.vupen.com/english/advisories/2008/1896 - () http://www.vupen.com/english/advisories/2008/1896 -
References () http://www.vupen.com/english/advisories/2008/1897 - () http://www.vupen.com/english/advisories/2008/1897 -
References () https://www.exploit-db.com/exploits/5951 - () https://www.exploit-db.com/exploits/5951 -

Information

Published : 2008-06-24 19:41

Updated : 2024-11-21 00:46


NVD link : CVE-2008-2427

Mitre link : CVE-2008-2427

CVE.ORG link : CVE-2008-2427


JSON object : View

Products Affected

microsoft

  • windows_nt

pagesperso-orange

  • nconvert
  • gfl_sdk
  • xnview

freebsd

  • freebsd

redhat

  • linux
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer