CVE-2008-5236

Name of the Vulnerable Software and Affected Versions xine-lib versions 1.1.12 through 1.1.15

Description The issue is related to multiple heap-based buffer overflows that allow remote attackers to execute arbitrary code. This is achieved through vectors related to a crafted EBML element length processed by the parse block group function, a certain combination of sps, w, and h values processed by the real parse audio specific data and demux real send chunk functions, and an unspecified combination of three values processed by the open ra file function. One of the vectors reportedly exists due to an incomplete fix in version 1.1.15.

Recommendations For xine-lib versions 1.1.12 through 1.1.15, update to a version later than 1.1.15 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.