CVE-2008-5236

EPSS 5.52%
Veröffentlicht 26.11.2008 01:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c.  NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xine ≫ Xine Version <= 1.1.5

Xine ≫ Xine Version0.9.13

Xine ≫ Xine Version1 Updatebeta1

Xine ≫ Xine Version1 Updatebeta10

Xine ≫ Xine Version1 Updatebeta11

Xine ≫ Xine Version1 Updatebeta12

Xine ≫ Xine Version1 Updatebeta2

Xine ≫ Xine Version1 Updatebeta3

Xine ≫ Xine Version1 Updatebeta4

Xine ≫ Xine Version1 Updatebeta5

Xine ≫ Xine Version1 Updatebeta6

Xine ≫ Xine Version1 Updatebeta7

Xine ≫ Xine Version1 Updatebeta8

Xine ≫ Xine Version1 Updatebeta9

Xine ≫ Xine Version1 Updaterc0a

Xine ≫ Xine Version1 Updaterc1

Xine ≫ Xine Version1 Updaterc2

Xine ≫ Xine Version1 Updaterc3

Xine ≫ Xine Version1 Updaterc3a

Xine ≫ Xine Version1 Updaterc3b

Xine ≫ Xine Version1 Updaterc3c

Xine ≫ Xine Version1 Updaterc4

Xine ≫ Xine Version1 Updaterc4a

Xine ≫ Xine Version1 Updaterc5

Xine ≫ Xine Version1 Updaterc6a

Xine ≫ Xine Version1 Updaterc7

Xine ≫ Xine Version1 Updaterc8

Xine ≫ Xine Version1.0

Xine ≫ Xine Version1.0.1

Xine ≫ Xine Version1.0.2

Xine ≫ Xine Version1.0.3a

Xine ≫ Xine Version1.1.0

Xine ≫ Xine Version1.1.1

Xine ≫ Xine Version1.1.2

Xine ≫ Xine Version1.1.3

Xine ≫ Xine Version1.1.4

Xine ≫ Xine Version1.1.10.1

Xine ≫ Xine Version1.1.11

Xine ≫ Xine Version1.1.11.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.52%	0.892

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://secunia.com/advisories/31827

http://sourceforge.net/project/shownotes.php?release_id=619869

http://www.mandriva.com/security/advisories?name=MDVSA-2009:020

http://www.vupen.com/english/advisories/2008/2382

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html

http://securityreason.com/securityalert/4648

http://www.ocert.org/analysis/2008-008/analysis.txt

http://www.securityfocus.com/archive/1/495674/100/0/threaded

http://www.securityfocus.com/bid/30797

http://secunia.com/advisories/31502