CVE-2008-2426
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.
Múltiples desbordamientos de búfer en la región stack de la memoria en Imlib 2 (también se conoce como imlib2) versión 1.4.0, permiten a los atacantes remotos asistidos por el usuario causar una denegación de servicio (bloqueo) o posiblemente ejecutar código arbitrario por medio de (1) una imagen PNM con un encabezado diseñado, relacionado con la función load en el archivo src/modules/loaders/loader_pnm.c; o (2) una imagen XPM diseñada, relacionada con la función load en el archivo src/modules/loader_xpm.c.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-05-27 CVE Reserved
- 2008-05-29 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1020146 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/492739/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/29417 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42732 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Carsten Haitzler Search vendor "Carsten Haitzler" | Imlib2 Search vendor "Carsten Haitzler" for product "Imlib2" | 1.4.0 Search vendor "Carsten Haitzler" for product "Imlib2" and version "1.4.0" | - |
Affected
| ||||||