CVE-2008-3496

Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
linuxlinux_kernel
𝑥
< 2.6.26.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
hardy
not-affected
gutsy
dne
feisty
dne
dapper
dne
linux-source-2.6.15
hardy
dne
gutsy
dne
feisty
dne
dapper
not-affected
linux-source-2.6.20
hardy
dne
gutsy
dne
feisty
not-affected
dapper
dne
linux-source-2.6.22
hardy
dne
gutsy
not-affected
feisty
dne
dapper
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://lkml.org/lkml/2008/7/30/655
http://secunia.com/advisories/31982
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:223
http://www.securityfocus.com/bid/30514
https://exchange.xforce.ibmcloud.com/vulnerabilities/44184
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://lkml.org/lkml/2008/7/30/655
http://secunia.com/advisories/31982
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:223
http://www.securityfocus.com/bid/30514
https://exchange.xforce.ibmcloud.com/vulnerabilities/44184