CVE-2008-3496 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3496): Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.
Amending Status Whiteboard; the affected driver didn't go mainline until the release of 2.6.26. Given such a narrow scope, it's quite possible that this bug is no longer outstanding.