Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2008-1110

Published: 29/02/2008 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Xine

Vulnerability Summary

Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib prior to 1.1.10 allows remote malicious users to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.

Vulnerable Product Search on Vulmon Subscribe to Product

xine xine-plugin

xine xine-lib

Vendor Advisories

Ubuntu Security Notice: xine-lib vulnerabilities
Alin Rad Pop discovered an array index vulnerability in the SDP parser If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program (CVE-2008-0073) ...

Exploits

Exploit DB: Libxine 1.14 - MPEG Stream Buffer Overflow (PoC)
#!/usr/bin/perl ##################################################################### # Libxine <= 114 : MPEG Stream Buffer overflow vulnerability / PoC # # Federico L Bossi Bonin # fbossi[at]netcommcomar #################################################################### # (gdb) run /tmp/eggmpeg # Starting program: /usr/bin/gxine /tmp/e ...

References

CWE-119http://bugs.gentoo.org/show_bug.cgi?id=208100http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608http://xinehq.de/index.php/newshttp://xinehq.de/index.php/securityhttp://security.gentoo.org/glsa/glsa-200802-12.xmlhttp://secunia.com/advisories/29141http://www.ubuntu.com/usn/usn-635-1http://www.mandriva.com/security/advisories?name=MDVSA-2008:178http://secunia.com/advisories/31393https://exchange.xforce.ibmcloud.com/vulnerabilities/41019https://www.exploit-db.com/exploits/1641http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset%3Bnode=fb6d089b520dca199ef16a046da28c50c984c2d2%3Bstyle=gitwebhttps://usn.ubuntu.com/635-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/1641/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook