PT-2008-6379 · Xine · Xine-Lib

Published: 2008-11-26 · Updated: 2018-10-11 · CVE-2008-5237

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

xine-lib versions 1.1.12 and earlier, up to 1.1.15 and earlier

Description

The issue is caused by multiple integer overflows that allow remote attackers to potentially execute arbitrary code or cause a denial of service. They can be triggered through crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c, or through crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.

Recommendations

For xine-lib versions 1.1.12 and earlier, up to 1.1.15 and earlier, consider updating to a version that fixes the integer overflows in the mymng_process_header and parse_reference_atom functions. As a temporary workaround, consider restricting the input to the mymng_process_header and parse_reference_atom functions to prevent crafted values from being processed.
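
An added example (not xine-lib code and not the upstream fix) of the kind of validation the recommendation points to: an overflow-checked buffer size computed from width and height, and a wrap-safe check that a string size fits inside its atom. The function names, the max_bytes cap and the offset parameter are assumptions made for illustration, as is the premise that the dimensions feed a size multiplication.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: stores width * height * bytes_per_pixel in *out.
 * Rejects zero dimensions, products that would wrap size_t, and results
 * above the caller's max_bytes cap. */
bool checked_image_size(uint32_t width, uint32_t height,
                        uint32_t bytes_per_pixel, size_t max_bytes,
                        size_t *out)
{
    if (width == 0 || height == 0 || bytes_per_pixel == 0)
        return false;
    size_t w = width, h = height, bpp = bytes_per_pixel;
    if (w > SIZE_MAX / h)            /* w * h would wrap */
        return false;
    size_t pixels = w * h;
    if (pixels > SIZE_MAX / bpp)     /* pixels * bpp would wrap */
        return false;
    size_t total = pixels * bpp;
    if (total > max_bytes)
        return false;
    *out = total;
    return true;
}

/* Hypothetical helper: true only if string_size bytes starting at offset
 * lie wholly inside an atom of atom_size bytes. Uses subtraction so that
 * offset + string_size is never computed and cannot wrap. */
bool string_fits_in_atom(uint32_t atom_size, uint32_t offset,
                         uint32_t string_size)
{
    if (offset > atom_size)
        return false;
    return string_size <= atom_size - offset;
}

int main(void)
{
    size_t n = 0;
    size_t cap = (size_t)256 * 1024 * 1024;   /* constructed 256 MiB cap */
    /* Constructed inputs: one sane frame, one oversized frame. */
    printf("640x480x3: %d\n", checked_image_size(640, 480, 3, cap, &n));
    printf("65536x65536x4: %d\n", checked_image_size(65536, 65536, 4, cap, &n));
    printf("wrapping string size: %d\n",
           string_fits_in_atom(100, 16, 0xFFFFFFF0u));
    return 0;
}
```

The last call is the case a naive 32-bit `offset + string_size <= atom_size` test would accept, because the sum wraps to a small value.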

Related Identifiers

CVE-2008-5237

Affected Products

Xine-Lib