Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2008-5233

Published: 26/11/2008 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Xine-lib

Vulnerability Summary

xine-lib 1.1.12, and other versions prior to 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.

Vulnerable Product Search on Vulmon Subscribe to Product

xine xine-lib 1.1.10.1

xine xine-lib 1.1.10

xine xine-lib 1.1.4

xine xine-lib 1.1.3

xine xine-lib 1.0

xine xine-lib 1

xine xine-lib 1.1.11.1

xine xine-lib 1.1.11

xine xine-lib 1.1.6

xine xine-lib 1.1.5

xine xine-lib 1.0.2

xine xine-lib 1.0.1

xine xine-lib 1_beta11

xine xine-lib 1_beta10

xine xine-lib 1_beta3

xine xine-lib 1_beta2

xine xine-lib 1.1.13

xine xine-lib

xine xine-lib 1.1.12

xine xine-lib 1.1.8

xine xine-lib 1.1.7

xine xine-lib 1.0.3a

xine xine-lib 1.1.0

xine xine-lib 1_beta12

xine xine-lib 1_beta5

xine xine-lib 1_beta4

xine xine-lib 1_beta9

xine xine-lib 1_beta8

xine xine-lib 1_beta1

xine xine-lib 0.9.13

xine xine-lib 1.1.9

xine xine-lib 1.1.9.1

xine xine-lib 1.1.2

xine xine-lib 1.1.1

xine xine-lib 1_beta7

xine xine-lib 1_beta6

Vendor Advisories

Debian CVElist Bug Report Logs: xine-lib: multiple heap overflows
Debian Bug report logs - #498243 xine-lib: multiple heap overflows Package: xine-lib; Maintainer for xine-lib is (unknown); Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Mon, 8 Sep 2008 12:27:02 UTC Severity: grave Tags: help, security, upstream Done: Nico Golde <nion@debianorg> Bug is archive ...
Ubuntu Security Notice: xine-lib vulnerabilities
It was discovered that xine-lib did not correctly handle certain malformed Ogg and Windows Media files If a user or automated system were tricked into opening a specially crafted Ogg or Windows Media file, an attacker could cause xine-lib to crash, creating a denial of service This issue only applied to Ubuntu 606 LTS, 710, and 804 LTS (CVE-2 ...

References

CWE-119http://www.securityfocus.com/bid/30797http://sourceforge.net/project/shownotes.php?release_id=619869http://securitytracker.com/id?1020703http://www.ocert.org/analysis/2008-008/analysis.txthttp://securityreason.com/securityalert/4648http://www.mandriva.com/security/advisories?name=MDVSA-2009:020http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://secunia.com/advisories/31827https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.htmlhttp://www.osvdb.org/47747https://exchange.xforce.ibmcloud.com/vulnerabilities/44649https://exchange.xforce.ibmcloud.com/vulnerabilities/44648https://exchange.xforce.ibmcloud.com/vulnerabilities/44639http://www.securityfocus.com/archive/1/495674/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498243https://usn.ubuntu.com/710-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook