ID CVE-2008-1482
Summary Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
References
Vulnerable Configurations
  • cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 11-10-2018 - 20:34)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 28370
bugtraq 20080320 Multiple heap overflows in xine-lib 1.1.11
confirm https://bugzilla.redhat.com/show_bug.cgi?id=438663
debian DSA-1586
fedora
  • FEDORA-2008-2849
  • FEDORA-2008-2945
gentoo GLSA-200808-01
mandriva MDVSA-2008:178
misc
secunia
  • 29484
  • 29600
  • 29622
  • 29740
  • 29756
  • 30337
  • 31372
  • 31393
slackware SSA:2008-092-01
sreason 3769
suse SUSE-SR:2008:008
ubuntu USN-635-1
vupen ADV-2008-0981
xf xinelib-multiple-bo(41350)
Last major update 11-10-2018 - 20:34
Published 24-03-2008 - 22:44