6.8

CVE-2008-1482

Exploit
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XineXine-lib Version1.1.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.54% 0.948
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://secunia.com/advisories/29622
http://secunia.com/advisories/31393
http://www.ubuntu.com/usn/usn-635-1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
http://secunia.com/advisories/29740
http://secunia.com/advisories/31372
http://security.gentoo.org/glsa/glsa-200808-01.xml
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
http://aluigi.altervista.org/adv/xinehof-adv.txt
Exploit
http://aluigi.org/poc/xinehof.zip
Exploit
http://secunia.com/advisories/29484
http://secunia.com/advisories/29600
http://secunia.com/advisories/29756
http://secunia.com/advisories/30337
http://securityreason.com/securityalert/3769
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.441137
http://www.debian.org/security/2008/dsa-1586
http://www.securityfocus.com/archive/1/489894/100/0/threaded
http://www.securityfocus.com/bid/28370
Exploit
http://www.vupen.com/english/advisories/2008/0981/references
https://bugzilla.redhat.com/show_bug.cgi?id=438663
https://exchange.xforce.ibmcloud.com/vulnerabilities/41350
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html