Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5238

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2008-5238
Last Modified 20 Aug 2009 01:23:01
Published 25 Nov 2008 08:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5238

Summary

Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field.

Vulnerable Systems

Application

  • Xine 0.9.13

  • Xine 1

  • Xine 1.0

  • Xine 1.0.1

  • Xine 1.0.2

  • Xine 1.0.3a

  • Xine 1.1.0

  • Xine 1.1.1

  • Xine 1.1.10.1

  • Xine 1.1.11

  • Xine 1.1.11.1

  • Xine 1.1.14

  • Xine 1.1.2

  • Xine 1.1.3

  • Xine 1.1.4


References

FEDORA - FEDORA-2008-7512

FEDORA - FEDORA-2008-7572

XF - xinelib-realparsemdpr-bo(44650)

BID - 30797

BUGTRAQ - 20080822 [oCERT-2008-008] multiple heap overflows in xine-lib

MISC - http://www.ocert.org/analysis/2008-008/analysis.txt

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=619869

SECTRACK - 1020703

SREASON - 4648

SECUNIA - 31827

SUSE - SUSE-SR:2009:004


Last Updated: 27 May 2016 10:48:45