PT-2008-6375 · Xine · Xine-Lib
Will Drewry
·
Published
2008-11-26
·
Updated
2018-10-11
·
CVE-2008-5233
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
xine-lib versions 1.1.12 through 1.1.14
Description
The issue is related to the failure of malloc checks in certain functions, including the
mymng process header function in demux mng.c, the open mod file function in demux mod.c, and frame buffer allocation in the real parse audio specific data function in demux real.c. This can be exploited by remote attackers using a crafted media file, potentially leading to a denial of service (crash) or possibly the execution of arbitrary code.Recommendations
For xine-lib versions 1.1.12 through 1.1.14, update to version 1.1.15 or later to resolve the issue.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xine-Lib