6.8
CVE-2008-1482
- EPSS 9.54%
- Veröffentlicht 24.03.2008 22:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:49
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.54% | 0.948 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://secunia.com/advisories/29622
http://secunia.com/advisories/31393
http://www.ubuntu.com/usn/usn-635-1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
http://secunia.com/advisories/29740
http://secunia.com/advisories/31372
http://security.gentoo.org/glsa/glsa-200808-01.xml
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
http://aluigi.altervista.org/adv/xinehof-adv.txt
http://aluigi.org/poc/xinehof.zip
http://secunia.com/advisories/29484
http://secunia.com/advisories/29600
http://secunia.com/advisories/29756
http://secunia.com/advisories/30337
http://securityreason.com/securityalert/3769
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.441137
http://www.debian.org/security/2008/dsa-1586
http://www.securityfocus.com/archive/1/489894/100/0/threaded
http://www.securityfocus.com/bid/28370
http://www.vupen.com/english/advisories/2008/0981/references
https://bugzilla.redhat.com/show_bug.cgi?id=438663
https://exchange.xforce.ibmcloud.com/vulnerabilities/41350
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html