4.3
CVE-2008-5243
- EPSS 1.8%
- Veröffentlicht 26.11.2008 01:30:00
- Zuletzt bearbeitet 16.06.2026 22:59:33
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.8% | 0.756 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/31827
http://www.mandriva.com/security/advisories?name=MDVSA-2009:020
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html
http://securityreason.com/securityalert/4648
http://www.ocert.org/analysis/2008-008/analysis.txt
http://www.securityfocus.com/archive/1/495674/100/0/threaded
http://www.securityfocus.com/bid/30797
http://secunia.com/advisories/33544
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/44658