CVE-2008-5262 - Vulnerability Details - OpenCVE

Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Devil	Developers Image Library

Configuration 1 [-]

cpe:2.3:a:devil:developers_image_library:1.7.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/33470
http://secunia.com/advisories/33637
http://secunia.com/advisories/33801
http://secunia.com/secunia_research/2008-59/
http://www.debian.org/security/2009/dsa-1717
http://www.securityfocus.com/bid/33231
https://www.cve.org/CVERecord?id=CVE-2008-5262
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00845.html

History

Wed, 28 May 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cve.org/CVERecord?id=CVE-2008-5262

Thu, 22 May 2025 00:45:00 +0000

Type	Values Removed	Values Added
References	https://nvd.nist.gov/vuln/detail/CVE-2008-5262 https://www.cve.org/CVERecord?id=CVE-2008-5262

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2009-01-13T16:00:00

Updated: 2024-08-07T10:49:12.307Z

Reserved: 2008-11-28T00:00:00

Link: CVE-2008-5262

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-01-13T17:00:01.140

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5262

Redhat

Severity : Moderate

Publid Date: 2009-01-09T00:00:00Z

Links: CVE-2008-5262 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-05T10:00:00", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2008-59/"}, {"name": "33637", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33637"}, {"name": "33470", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33470"}, {"name": "33801", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33801"}, {"name": "FEDORA-2009-0856", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00845.html"}, {"name": "33231", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33231"}, {"name": "DSA-1717", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1717"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2008-5262", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://secunia.com/secunia_research/2008-59/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2008-59/"}, {"name": "33637", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33637"}, {"name": "33470", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33470"}, {"name": "33801", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33801"}, {"name": "FEDORA-2009-0856", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00845.html"}, {"name": "33231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33231"}, {"name": "DSA-1717", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1717"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:49:12.307Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2008-59/"}, {"name": "33637", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33637"}, {"name": "33470", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33470"}, {"name": "33801", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33801"}, {"name": "FEDORA-2009-0856", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00845.html"}, {"name": "33231", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33231"}, {"name": "DSA-1717", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1717"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2008-5262", "datePublished": "2009-01-13T16:00:00", "dateReserved": "2008-11-28T00:00:00", "dateUpdated": "2024-08-07T10:49:12.307Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:devil:developers_image_library:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "C861473C-4169-4D7F-A6D8-F25F1C8872CE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en la funci\u00f3n iGetHdrHeader en src-IL/src/il_hdr.c en DevIL 1.7.4 permiten a atacantes, dependiendo del contexto, ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo Radiance RGBE debidamente modificado."}], "id": "CVE-2008-5262", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-13T17:00:01.140", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33470"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/33637"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/33801"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/secunia_research/2008-59/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.debian.org/security/2009/dsa-1717"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/33231"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00845.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33470"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33801"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/secunia_research/2008-59/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1717"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33231"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00845.html"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}