Unrated severityNVD Advisory· Published Jan 31, 2008· Updated Apr 23, 2026

CVE-2008-0064

Description

Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.

Affected products

Pierreegougelet/Gfl Sdk
cpe:2.3:a:pierreegougelet:gfl_sdk:2.870:*:windows:*:*:*:*:*
Pierreegougelet/Nconvert
cpe:2.3:a:pierreegougelet:nconvert:*:*:*:*:*:*:*:*
Range: <=4.85
Pierreegougelet/Xnview
cpe:2.3:a:pierreegougelet:xnview:*:*:*:*:*:*:*:*
Range: <=1.91

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/28326nvdPatchVendor Advisory
secunia.com/advisories/28710nvdVendor Advisory
secunia.com/secunia_research/2008-1/advisorynvdVendor Advisory
www.securityfocus.com/bid/27514nvd
www.vupen.com/english/advisories/2008/0328nvd
www.vupen.com/english/advisories/2008/0329nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000