Published: 26/11/2008 Updated: 11/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and previous versions versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xine xine-lib 1.1.10.1
xine xine-lib 1.1.10
xine xine-lib 1.1.4
xine xine-lib 1.1.3
xine xine-lib 1.0
xine xine-lib 1
xine xine-lib 1_beta9
xine xine-lib 1_beta8
xine xine-lib 1_beta1
xine xine-lib 0.9.13
xine xine-lib 1.1.14
xine xine-lib 1.1.11.1
xine xine-lib 1.1.11
xine xine-lib 1.1.6
xine xine-lib 1.1.5
xine xine-lib 1.0.2
xine xine-lib 1.0.1
xine xine-lib 1_beta11
xine xine-lib 1_beta10
xine xine-lib 1_beta3
xine xine-lib 1_beta2
xine xine-lib 1.1.9
xine xine-lib 1.1.9.1
xine xine-lib 1.1.2
xine xine-lib 1.1.1
xine xine-lib 1_beta7
xine xine-lib 1_beta6
xine xine-lib
xine xine-lib 1.1.13
xine xine-lib 1.1.12
xine xine-lib 1.1.8
xine xine-lib 1.1.7
xine xine-lib 1.0.3a
xine xine-lib 1.1.0
xine xine-lib 1_beta12
xine xine-lib 1_beta5
xine xine-lib 1_beta4

Debian Bug report logs - #498243 xine-lib: multiple heap overflows Package: xine-lib; Maintainer for xine-lib is (unknown); Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Mon, 8 Sep 2008 12:27:02 UTC Severity: grave Tags: help, security, upstream Done: Nico Golde <nion@debianorg> Bug is archive ...

It was discovered that xine-lib did not correctly handle certain malformed Ogg and Windows Media files If a user or automated system were tricked into opening a specially crafted Ogg or Windows Media file, an attacker could cause xine-lib to crash, creating a denial of service This issue only applied to Ubuntu 606 LTS, 710, and 804 LTS (CVE-2 ...

CWE-119 http://www.securityfocus.com/bid/30797 http://www.ocert.org/analysis/2008-008/analysis.txt http://securityreason.com/securityalert/4648 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html http://secunia.com/advisories/31827 https://exchange.xforce.ibmcloud.com/vulnerabilities/44657 http://www.securityfocus.com/archive/1/495674/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498243 https://usn.ubuntu.com/710-1/https://nvd.nist.gov

CVE-2008-5242

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect