4.3
CVE-2008-3231
- EPSS 1.92%
- Veröffentlicht 18.07.2008 16:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.92% | 0.773 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.openwall.com/lists/oss-security/2008/07/13/3
http://secunia.com/advisories/31827
http://sourceforge.net/project/shownotes.php?release_id=619869
http://www.mandriva.com/security/advisories?name=MDVSA-2009:020
http://www.securityfocus.com/bid/30699
http://www.securitytracker.com/id?1020703
http://www.vupen.com/english/advisories/2008/2382
https://exchange.xforce.ibmcloud.com/vulnerabilities/44040
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html