Skip to content

Heap-based buffer overflow in an API in GDI in Microsoft...

High severity Unreviewed Published May 2, 2022 to the GitHub Advisory Database • Updated Jan 17, 2025

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."

References

Published by the National Vulnerability Database Dec 10, 2008
Published to the GitHub Advisory Database May 2, 2022
Last updated Jan 17, 2025

Severity

High

EPSS score

3.451%
(91st percentile)

Weaknesses

CVE ID

CVE-2008-3465

GHSA ID

GHSA-26m8-fjr7-qf85

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.