ID CVE-2007-2956
Summary Stack-based buffer overflow in the readRadianceHeader function in (1) src/fileformat/rgbeio.cpp in pfstools 1.6.2 and (2) src/Fileformat/rgbeio.cpp in Qtpfsgui 1.8.11 allows remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.
References
Vulnerable Configurations
  • cpe:2.3:a:pfstools:pfstools:1.6.2
    cpe:2.3:a:pfstools:pfstools:1.6.2
  • cpe:2.3:a:qtpfsgui:qtpfsgui:1.8.11
    cpe:2.3:a:qtpfsgui:qtpfsgui:1.8.11
CVSS
Base: 6.8 (as of 13-08-2007 - 13:40)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family SuSE Local Security Checks
NASL id SUSE_PFSTOOLS-4083.NASL
description A buffer overflow when processing RGBE file could potentially allow attackers to execute arbitrary code by tricking the victim into running 'pfsinrgbe' on a specially crafted file (CVE-2007-2956).
last seen 2019-02-21
modified 2018-07-19
plugin id 27388
published 2007-10-17
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=27388
title openSUSE 10 Security Update : pfstools (pfstools-4083)
refmap via4
confirm
misc
secunia
  • 26387
  • 26388
  • 26674
suse SUSE-SR:2007:018
vupen
  • ADV-2007-2855
  • ADV-2007-2856
xf
  • pfstools-readradianceheader-bo(35949)
  • qtpfsgui-readradianceheader-bo(35948)
Last major update 07-03-2011 - 21:55
Published 13-08-2007 - 13:17
Last modified 28-07-2017 - 21:31
Back to Top