Lucene search

K

[email protected]NVD:CVE-2008-1110

HistoryFeb 29, 2008 - 7:44 p.m.

CVE-2008-1110

2008-02-2919:44:00

CWE-119

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.098 Low

EPSS

Percentile

94.9%

Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.

Affected configurations

NVD

Node

xinexine-libRange≤1.1.9

OR

xinexine-pluginRange≤1.1.9

References

bugs.gentoo.org/show_bug.cgi?id=208100

hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset%3Bnode=fb6d089b520dca199ef16a046da28c50c984c2d2%3Bstyle=gitweb

secunia.com/advisories/29141

secunia.com/advisories/31393

security.gentoo.org/glsa/glsa-200802-12.xml

sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608

www.mandriva.com/security/advisories?name=MDVSA-2008:178

www.ubuntu.com/usn/usn-635-1

xinehq.de/index.php/news

xinehq.de/index.php/security

exchange.xforce.ibmcloud.com/vulnerabilities/41019

www.exploit-db.com/exploits/1641

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.098 Low

EPSS

Percentile

94.9%

Related for NVD:CVE-2008-1110

prion2 ubuntucve2 cvelist2 cve2 nessus7 gentoo2 openvas14 debiancve1 nvd1 freebsd1 ubuntu1