PT-2008-6389 · Xine · Xine-Lib

Will Drewry · Published 2008-11-26 · Updated 2018-10-11 · CVE-2008-5247

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

xine-lib versions 1.1.12 through 1.1.15

Description

The issue concerns the real_parse_audio_specific_data function in demux_real.c, which uses an untrusted height value, also referred to as codec_data_length, as a divisor. A remote attacker can cause a denial of service by supplying a zero value, which triggers a divide-by-zero error and crashes the application.

Recommendations

For xine-lib versions 1.1.12 through 1.1.15, consider applying a patch that checks for and handles a zero value in the real_parse_audio_specific_data function to prevent the divide-by-zero error. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
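
The kind of check the recommendation describes, shown as an added example beside the unchecked form. This is not xine-lib's code or its patch: the 6-byte header layout, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 6-byte header for this example (not the RealMedia layout):
 *   bytes 0-3  data_len  big-endian u32, untrusted
 *   bytes 4-5  height    big-endian u16, untrusted, later used as a divisor */
enum { HDR_LEN = 6 };
enum parse_status { PARSE_OK = 0, PARSE_BAD_INPUT = -1, PARSE_ZERO_DIVISOR = -2 };

static uint32_t rd_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}
static uint16_t rd_be16(const uint8_t *p) {
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

/* Before: trusts the header. height == 0 is undefined behaviour in C and
 * typically a SIGFPE on x86 Linux, the crash the advisory describes. */
uint32_t row_len_unchecked(const uint8_t *hdr) {
    return rd_be32(hdr) / rd_be16(hdr + 4);
}

/* After: validate buffer length and divisor before any arithmetic, and
 * return a status so the caller can drop the stream instead of crashing. */
int row_len_checked(const uint8_t *hdr, size_t len, uint32_t *row_len) {
    if (hdr == NULL || row_len == NULL || len < HDR_LEN)
        return PARSE_BAD_INPUT;
    uint16_t height = rd_be16(hdr + 4);
    if (height == 0)
        return PARSE_ZERO_DIVISOR;
    *row_len = rd_be32(hdr) / height;
    return PARSE_OK;
}

/* Constructed sample headers. */
static const uint8_t HDR_GOOD[HDR_LEN] = {0x00, 0x00, 0x01, 0x00, 0x00, 0x10}; /* 256 / 16 */
static const uint8_t HDR_ZERO[HDR_LEN] = {0x00, 0x00, 0x01, 0x00, 0x00, 0x00}; /* height 0 */

int main(void) {
    uint32_t v = 0;
    int good = row_len_checked(HDR_GOOD, HDR_LEN, &v);
    int zero = row_len_checked(HDR_ZERO, HDR_LEN, &v);
    printf("good=%d row_len=%u zero=%d\n", good, (unsigned)v, zero);
    return 0;
}
```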

Weakness Enumeration

Related Identifiers

CVE-2008-5247

Affected Products

Xine-Lib