PT-2008-6383 · Xine · Xine-Lib

Will Drewry

Published

2008-11-26

Updated

2018-10-11

CVE-2008-5241

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions xine-lib versions 1.1.12 and earlier, including 1.1.15 and earlier

Description The issue is related to an integer underflow in the demux qt.c file, which can be triggered by a crafted media file. This results in a denial of service, causing the program to crash. The problem occurs when a compressed MOV file contains a small value of moov atom size, leading to the underflow.

Recommendations For xine-lib versions 1.1.12 and earlier, including 1.1.15 and earlier, update to a version that fixes the integer underflow issue in demux qt.c to prevent denial of service attacks.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2008-5241

Affected Products

Xine-Lib

PT-2008-6383 · Xine · Xine-Lib

CVE-2008-5241

Weakness Enumeration

Related Identifiers

Affected Products

References · 11