CVE-2008-5262

Related Files

Gentoo Linux Security Advisory 200903-4

Posted Mar 7, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-04 - Multiple boundary errors in DevIL may allow for the execution of arbitrary code. Stefan Cornelius (Secunia Research) discovered two boundary errors within the iGetHdrHeader() function in src-IL/src/il_hdr.c. Versions less than 1.7.7 are affected.

tags | advisory, arbitrary

systems | linux, gentoo

advisories | CVE-2008-5262

SHA-256 | 6968c1a9f3dc299f41f0c1b860ac8597572eccd32d40e16046428903f5f83fb7

Download | Favorite | View

Debian Linux Security Advisory 1717-1

Posted Feb 5, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1717 - Stefan Cornelius discovered a buffer overflow in devil, a cross-platform image loading and manipulation toolkit, which could be triggered via a crafted Radiance RGBE file. This could potentially lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary

systems | linux, debian

advisories | CVE-2008-5262

SHA-256 | 265e84e682128cc2db4b0e85ebb3365be5c458f93067eff4a6edd31c6a500945

Download | Favorite | View

Secunia - DevIL iGetHdrHeader() Buffer Overflows

Posted Jan 14, 2009

Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered two vulnerabilities in DevIL, which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused due to boundary errors within the "iGetHdrHeader()" function in src-IL/src/il_hdr.c. These can be exploited to cause a stack-based buffer overflow when processing specially crafted Radiance RGBE files. Successful exploitation allows execution of arbitrary code. Version 1.7.4 is affected.

tags | advisory, overflow, arbitrary, vulnerability

advisories | CVE-2008-5262

SHA-256 | 2db7537f7ae4f1844e1079774d8e106853f8bddb5ad266889cca2a1bd47eac1a

Download | Favorite | View