Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0486

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-0486
Last Modified 07 Mar 2011 10:04:47
Published 05 Feb 2008 07:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0486

Summary

Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.

Vulnerable Systems

Application

  • Mplayer 1.02rc2

  • Xine-lib 1.1.10


References

FEDORA - FEDORA-2008-1581

FEDORA - FEDORA-2008-1543

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=431541

VUPEN - ADV-2008-0421

VUPEN - ADV-2008-0406

UBUNTU - USN-635-1

BID - 27441

BUGTRAQ - 20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability

CONFIRM - http://www.mplayerhq.hu/design7/news.html

MANDRIVA - MDVSA-2008:046

MANDRIVA - MDVSA-2008:045

DEBIAN - DSA-1536

DEBIAN - DSA-1496

MISC - http://www.coresecurity.com/?action=item&id=2103

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735

SREASON - 3608

GENTOO - GLSA-200803-16

GENTOO - GLSA-200802-12

SECUNIA - 31393

SECUNIA - 29601

SECUNIA - 29323

SECUNIA - 29307

SECUNIA - 29141

SECUNIA - 28989

SECUNIA - 28956

SECUNIA - 28955

SECUNIA - 28918

SECUNIA - 28801

SECUNIA - 28779

SUSE - SUSE-SR:2008:006

CONFIRM - http://bugs.xine-project.org/show_bug.cgi?id=38

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=209106


Last Updated: 27 May 2016 10:46:50