CVE-2008-5239

Published: 26/11/2008 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

xine-lib 1.1.12, and other versions 1.1.15 and earlier, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows.

Vulnerable Product

xine xine-lib 1.1.13

xine xine-lib 1.1.9.1

xine xine-lib 1.1.8

xine xine-lib 1.1.7

xine xine-lib 1.0.3a

xine xine-lib 1.1.0

xine xine-lib 1

xine xine-lib 1_beta12

xine xine-lib 1_beta5

xine xine-lib 1_beta4

xine xine-lib 1.1.11

xine xine-lib 1.1.10.1

xine xine-lib 1.1.4

xine xine-lib 1.1.3

xine xine-lib 1.0

xine xine-lib 1_beta9

xine xine-lib 1_beta8

xine xine-lib 1_beta1

xine xine-lib 0.9.13

xine xine-lib 1.1.12

xine xine-lib 1.1.11.1

xine xine-lib 1.1.6

xine xine-lib 1.1.5

xine xine-lib 1.0.2

xine xine-lib 1.0.1

xine xine-lib 1_beta11

xine xine-lib 1_beta10

xine xine-lib 1_beta3

xine xine-lib 1_beta2

xine xine-lib 1.1.10

xine xine-lib 1.1.9

xine xine-lib 1.1.2

xine xine-lib 1.1.1

xine xine-lib 1_beta7

xine xine-lib 1_beta6

Vendor Advisories

Debian Bug report logs - #498243: xine-lib: multiple heap overflows. Package: xine-lib; Maintainer for xine-lib is (unknown); Reported by: Steffen Joeris <steffenjoeris@skolelinux.de>; Date: Mon, 8 Sep 2008 12:27:02 UTC; Severity: grave; Tags: help, security, upstream; Done: Nico Golde <nion@debian.org>; Bug is archive ...

It was discovered that xine-lib did not correctly handle certain malformed Ogg and Windows Media files. If a user or automated system were tricked into opening a specially crafted Ogg or Windows Media file, an attacker could cause xine-lib to crash, creating a denial of service. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2 ...

It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invok ...