Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5241

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5241
Last Modified 26 Aug 2009 01:17:47
Published 25 Nov 2008 08:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5241

Summary

Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).

Vulnerable Systems

Application

  • Xine-lib 0.9.13

  • Xine-lib 1

  • Xine-lib 1 Beta1

  • Xine-lib 1 Beta10

  • Xine-lib 1 Beta11

  • Xine-lib 1 Beta12

  • Xine-lib 1 Beta2

  • Xine-lib 1 Beta3

  • Xine-lib 1 Beta4

  • Xine-lib 1 Beta5

  • Xine-lib 1 Beta6

  • Xine-lib 1 Beta7

  • Xine-lib 1 Beta8

  • Xine-lib 1 Beta9

  • Xine-lib 1.0

  • Xine-lib 1.0.1

  • Xine-lib 1.0.2

  • Xine-lib 1.0.3a

  • Xine-lib 1.1.0

  • Xine-lib 1.1.1

  • Xine-lib 1.1.10

  • Xine-lib 1.1.10.1

  • Xine-lib 1.1.11

  • Xine-lib 1.1.11.1

  • Xine-lib 1.1.12

  • Xine-lib 1.1.13

  • Xine-lib 1.1.14

  • Xine-lib 1.1.15

  • Xine-lib 1.1.2

  • Xine-lib 1.1.3

  • Xine-lib 1.1.4

  • Xine-lib 1.1.5

  • Xine-lib 1.1.6

  • Xine-lib 1.1.7

  • Xine-lib 1.1.8

  • Xine-lib 1.1.9

  • Xine-lib 1.1.9.1


References

BID - 30797

FEDORA - FEDORA-2008-7512

FEDORA - FEDORA-2008-7572

XF - xinelib-demuxqtc-cmovatom-dos(44656)

BUGTRAQ - 20080822 [oCERT-2008-008] multiple heap overflows in xine-lib

MISC - http://www.ocert.org/analysis/2008-008/analysis.txt

MANDRIVA - MDVSA-2009:020

SREASON - 4648

SECUNIA - 31827

SUSE - SUSE-SR:2009:004


Last Updated: 27 May 2016 10:48:45