4.3

CVE-2008-3231

Exploit
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XineXine-lib Version <= 1.1.14
XineXine-lib Version0.9.8
XineXine-lib Version0.9.13
XineXine-lib Version0.99
XineXine-lib Version1 Updaterc0a
XineXine-lib Version1 Updaterc1
XineXine-lib Version1 Updaterc2
XineXine-lib Version1 Updaterc3
XineXine-lib Version1 Updaterc3a
XineXine-lib Version1 Updaterc3b
XineXine-lib Version1 Updaterc3c
XineXine-lib Version1 Updaterc4
XineXine-lib Version1 Updaterc4a
XineXine-lib Version1 Updaterc5
XineXine-lib Version1 Updaterc6a
XineXine-lib Version1 Updaterc7
XineXine-lib Version1 Updaterc8
XineXine-lib Version1.0
XineXine-lib Version1.0.1
XineXine-lib Version1.0.2
XineXine-lib Version1.0.3a
XineXine-lib Version1.1.0
XineXine-lib Version1.1.1
XineXine-lib Version1.1.2
XineXine-lib Version1.1.3
XineXine-lib Version1.1.4
XineXine-lib Version1.1.5
XineXine-lib Version1.1.6
XineXine-lib Version1.1.7
XineXine-lib Version1.1.8
XineXine-lib Version1.1.9
XineXine-lib Version1.1.9.1
XineXine-lib Version1.1.10
XineXine-lib Version1.1.10.1
XineXine-lib Version1.1.11
XineXine-lib Version1.1.11.1
XineXine-lib Version1.1.12
XineXine-lib Version1.1.13
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.92% 0.773
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.openwall.com/lists/oss-security/2008/07/13/3
http://secunia.com/advisories/31827
Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=619869
http://www.mandriva.com/security/advisories?name=MDVSA-2009:020
http://www.securityfocus.com/bid/30699
Patch
Exploit
http://www.securitytracker.com/id?1020703
http://www.vupen.com/english/advisories/2008/2382
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44040
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html