Lucene search

[email protected]CVE-2009-0698

HistoryFeb 23, 2009 - 3:30 p.m.

CVE-2009-0698

2009-02-2315:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2009-0698

integer overflow

4xm demuxer

xine-lib 1.1.16.1

remote code execution

denial of service

nvd

6.8 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.067 Low

EPSS

Percentile

93.8%

JSON

Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.

CPENameOperatorVersion
xine:xine-libxine xine-libeq1.1.16.1

CPE	Name	Operator	Version
xine:xine-lib	xine xine-lib	eq	1.1.16.1

References

bugs.xine-project.org/show_bug.cgi?id=205

lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

sourceforge.net/project/shownotes.php?release_id=660071

www.mandriva.com/security/advisories?name=MDVSA-2009:298

www.mandriva.com/security/advisories?name=MDVSA-2009:299

www.securityfocus.com/archive/1/500514/100/0/threaded

www.trapkit.de/advisories/TKADV2009-004.txt

www.ubuntu.com/usn/USN-746-1

exchange.xforce.ibmcloud.com/vulnerabilities/48954

6.8 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.067 Low

EPSS

Percentile

93.8%

JSON

Related for CVE-2009-0698

prion2 debiancve2 openvas40 nessus21 ubuntucve3 ubuntu3 freebsd3 slackware1 seebug1 checkpoint_advisories1 cve1 debian2 fedora2 osv2 gentoo2 ibm1