Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2008-5241

Published: 26/11/2008 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Xine

Vulnerability Summary

Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and previous versions versions, allows remote malicious users to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).

Vulnerable Product Search on Vulmon Subscribe to Product

xine xine-lib 1.1.13

xine xine-lib 1.1.9.1

xine xine-lib 1.1.8

xine xine-lib 1.0.3a

xine xine-lib 1.1.0

xine xine-lib 1

xine xine-lib 1_beta5

xine xine-lib 1_beta4

xine xine-lib 1.1.11

xine xine-lib 1.1.10.1

xine xine-lib 1.1.4

xine xine-lib 1.1.3

xine xine-lib 1.0

xine xine-lib 1_beta9

xine xine-lib 1_beta8

xine xine-lib 1_beta1

xine xine-lib 0.9.13

xine xine-lib 1.1.10

xine xine-lib 1.1.9

xine xine-lib 1.1.2

xine xine-lib 1.1.1

xine xine-lib 1_beta7

xine xine-lib 1_beta6

xine xine-lib 1.1.14

xine xine-lib

xine xine-lib 1.1.12

xine xine-lib 1.1.11.1

xine xine-lib 1.1.7

xine xine-lib 1.1.6

xine xine-lib 1.1.5

xine xine-lib 1.0.2

xine xine-lib 1.0.1

xine xine-lib 1_beta12

xine xine-lib 1_beta11

xine xine-lib 1_beta10

xine xine-lib 1_beta3

xine xine-lib 1_beta2

Vendor Advisories

Debian CVElist Bug Report Logs: xine-lib: multiple heap overflows
Debian Bug report logs - #498243 xine-lib: multiple heap overflows Package: xine-lib; Maintainer for xine-lib is (unknown); Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Mon, 8 Sep 2008 12:27:02 UTC Severity: grave Tags: help, security, upstream Done: Nico Golde <nion@debianorg> Bug is archive ...
Ubuntu Security Notice: xine-lib vulnerabilities
It was discovered that xine-lib did not correctly handle certain malformed Ogg and Windows Media files If a user or automated system were tricked into opening a specially crafted Ogg or Windows Media file, an attacker could cause xine-lib to crash, creating a denial of service This issue only applied to Ubuntu 606 LTS, 710, and 804 LTS (CVE-2 ...

References

CWE-189http://www.ocert.org/analysis/2008-008/analysis.txthttp://www.securityfocus.com/bid/30797http://securityreason.com/securityalert/4648http://www.mandriva.com/security/advisories?name=MDVSA-2009:020http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.htmlhttp://secunia.com/advisories/31827https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/44656http://www.securityfocus.com/archive/1/495674/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498243https://usn.ubuntu.com/710-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook