Lucene search

[email protected]NVD:CVE-2008-5236

HistoryNov 26, 2008 - 1:30 a.m.

CVE-2008-5236

2008-11-2601:30:00

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.106 Low

EPSS

Percentile

95.1%

JSON

Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15.

Affected configurations

NVD

Node

xinexineRange≤1.1.5

xinexineMatch0.9.13

xinexineMatch1beta1

xinexineMatch1beta10

xinexineMatch1beta11

xinexineMatch1beta12

xinexineMatch1beta2

xinexineMatch1beta3

xinexineMatch1beta4

xinexineMatch1beta5

xinexineMatch1beta6

xinexineMatch1beta7

xinexineMatch1beta8

xinexineMatch1beta9

xinexineMatch1rc0a

xinexineMatch1rc1

xinexineMatch1rc2

xinexineMatch1rc3

xinexineMatch1rc3a

xinexineMatch1rc3b

xinexineMatch1rc3c

xinexineMatch1rc4

xinexineMatch1rc4a

xinexineMatch1rc5

xinexineMatch1rc6a

xinexineMatch1rc7

xinexineMatch1rc8

xinexineMatch1.0

xinexineMatch1.0.1

xinexineMatch1.0.2

xinexineMatch1.0.3a

xinexineMatch1.1.0

xinexineMatch1.1.1

xinexineMatch1.1.2

xinexineMatch1.1.3

xinexineMatch1.1.4

xinexineMatch1.1.10.1

xinexineMatch1.1.11

xinexineMatch1.1.11.1

References

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

secunia.com/advisories/31502

secunia.com/advisories/31567

secunia.com/advisories/31827

secunia.com/advisories/33544

securityreason.com/securityalert/4648

sourceforge.net/project/shownotes.php?release_id=619869

www.mandriva.com/security/advisories?name=MDVSA-2009:020

www.ocert.org/analysis/2008-008/analysis.txt

www.osvdb.org/47744

www.securityfocus.com/archive/1/495674/100/0/threaded

www.securityfocus.com/bid/30797

www.vupen.com/english/advisories/2008/2382

www.vupen.com/english/advisories/2008/2427

exchange.xforce.ibmcloud.com/vulnerabilities/44634

exchange.xforce.ibmcloud.com/vulnerabilities/44642

www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html

www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.106 Low

EPSS

Percentile

95.1%

JSON

Related for NVD:CVE-2008-5236

cve1 ubuntucve2 openvas15 cvelist1 prion1 nessus11 fedora2 ubuntu1 gentoo1