CVE-2008-5242

Name of the Vulnerable Software and Affected Versions xine-lib versions 1.1.12 and earlier, including 1.1.15 and earlier

Description The issue concerns a lack of validation in the count field before memory allocation, which can be exploited by remote attackers using a crafted media file. This can lead to a denial of service (crash) or potentially allow the execution of arbitrary code.

Recommendations For xine-lib versions 1.1.12 and earlier, including 1.1.15 and earlier, update to a version that fixes the issue in demux qt.c, ensuring proper validation of the count field before calling calloc for STSD ATOM atom allocation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.