Published: 24/03/2008 Updated: 11/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple integer overflows in xine-lib 1.1.11 and previous versions allow remote malicious users to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xine xine-lib 1.1.11

Alin Rad Pop discovered an array index vulnerability in the SDP parser If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program (CVE-2008-0073) ...

Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player The Common Vulnerabilities and Exposures project identifies the following three problems: CVE-2008-1482 Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and ...

source: wwwsecurityfocuscom/bid/28370/info The 'xine-lib' library is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library Failed attacks wil ...

CVE-2008-1482

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect