Vulnerability Details : CVE-2008-3496
Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.
Vulnerability category: Overflow
Products affected by CVE-2008-3496
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3496
0.74%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3496
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-3496
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-3496
-
Red Hat 2009-05-19Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. The uvcvideo driver was first added in kernel packages update RHSA-2009:0225 in Red Hat Enterprise Linux 5.3, and it already contained a fix for this flaw.
References for CVE-2008-3496
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:223
Third Party Advisory
-
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1
Release Notes;Vendor Advisory
-
http://www.securityfocus.com/bid/30514
Third Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/44184
Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2008:018 - openSUSE Security Announce - openSUSE Mailing ListsMailing List;Third Party Advisory
-
http://lkml.org/lkml/2008/7/30/655
Third Party Advisory
Jump to