Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2008-1482
Last Modified 07 Mar 2011 10:07:09
Published 24 Mar 2008 06:44:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1482

Summary

Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.

Vulnerable Systems

Application

  • Xine-lib 1.1.11


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=438663

VUPEN - ADV-2008-0981

UBUNTU - USN-635-1

BID - 28370

BUGTRAQ - 20080320 Multiple heap overflows in xine-lib 1.1.11

MANDRIVA - MDVSA-2008:178

DEBIAN - DSA-1586

GENTOO - GLSA-200808-01

SECUNIA - 31393

SECUNIA - 31372

SECUNIA - 30337

MISC - http://aluigi.org/poc/xinehof.zip

MISC - http://aluigi.altervista.org/adv/xinehof-adv.txt

FEDORA - FEDORA-2008-2849

FEDORA - FEDORA-2008-2945

XF - xinelib-multiple-bo(41350)

SLACKWARE - SSA:2008-092-01

SREASON - 3769

SECUNIA - 29756

SECUNIA - 29740

SECUNIA - 29622

SECUNIA - 29600

SECUNIA - 29484

SUSE - SUSE-SR:2008:008


Last Updated: 27 May 2016 10:47:08