CVE-2008-2427

Pagesperso-orange Gfl SDK - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Shinnok · clocalwindows

https://www.exploit-db.com/exploits/5951

View Code ZIP pw:eip

References (10)

[Vendor Advisory] http://secunia.com/advisories/30416

[Vendor Advisory] http://secunia.com/advisories/30789

[Vendor Advisory] http://secunia.com/secunia_research/2008-24/advisory/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/493505/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29851

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5951

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1020340

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1896

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1897

[Third Party Advisory] http://securityreason.com/securityalert/3956

Scores

EPSS 0.3100

EPSS Percentile 96.8%

Details

CWE

CWE-119

Status published

Products (4)

pagesperso-orange/gfl_sdk 2.82

pagesperso-orange/nconvert 4.92

pagesperso-orange/xnview 1.93.6

pagesperso-orange/xnview 1.70

Published Jun 24, 2008

Tracked Since Feb 18, 2026