Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 234808 (CVE-2008-3496)

Summary: Linux =2.6.26 V4L/DVB (8207): uvcvideo: Fix a buffer overflow in format descriptor parsing (CVE-2008-3496)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commitdiff;h=233548a2fd934a0220db8b1521c0bc88c82e5e53
Whiteboard: [linux >=2.6.26 <2.6.26.1] [gp >=2.6.26-1 <2.6.26-2]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-08-15 11:07:49 UTC 
CVE-2008-3496 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3496):
  Buffer overflow in format descriptor parsing in the uvc_parse_format function
  in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L)
  implementation in the Linux kernel before 2.6.26.1 has unknown impact and
  attack vectors.
Comment 1 kfm 2009-07-23 18:10:02 UTC 
Amending Status Whiteboard; the affected driver didn't go mainline until the release of 2.6.26. Given such a narrow scope, it's quite possible that this bug is no longer outstanding.