CVE-2008-3496

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

http://lkml.org/lkml/2008/7/30/655

http://secunia.com/advisories/31982

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1

http://www.mandriva.com/security/advisories?name=MDVSA-2008:223

http://www.securityfocus.com/bid/30514

https://exchange.xforce.ibmcloud.com/vulnerabilities/44184

Details

Source: MITRE

Published: 2008-08-06

Updated: 2020-07-28

Type: CWE-120

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

View all (4 total)

IDNameProductFamilySeverity
51762SuSE 10 Security Update : uvcvideo KMPs (ZYPP Patch Number 5514)NessusSuSE Local Security Checks
critical
40145openSUSE Security Update : uvcvideo-kmp-bigsmp (uvcvideo-kmp-bigsmp-148)NessusSuSE Local Security Checks
critical
37065Mandriva Linux Security Advisory : kernel (MDVSA-2008:223)NessusMandriva Local Security Checks
critical
34249openSUSE 10 Security Update : uvcvideo-kmp-bigsmp (uvcvideo-kmp-bigsmp-5513)NessusSuSE Local Security Checks
critical