Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0238

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-0238
Last Modified 10 Sep 2008 09:04:51
Published 11 Jan 2008 04:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0238

Summary

Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Systems

Application

  • Xine-lib 1.1.9


References

UBUNTU - USN-635-1

SECUNIA - 31393

SECUNIA - 28384

MANDRIVA - MDVSA-2008:045

MANDRIVA - MDVSA-2008:020

GENTOO - GLSA-200801-12

SECUNIA - 28955

SECUNIA - 28674

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=205197


Last Updated: 27 May 2016 10:46:43