Lucene search

[email protected]NVD:CVE-2008-5259

HistoryApr 16, 2009 - 3:12 p.m.

CVE-2008-5259

2009-04-1615:12:57

CWE-189

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.081 Low

EPSS

Percentile

94.3%

JSON

Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versions, allows remote attackers to execute arbitrary code via a DivX file containing a crafted Stream Format (STRF) chunk, which triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

divxdivx_web_playerRange≤1.4.2.7

divxdivx_web_playerMatch1.0.1

divxdivx_web_playerMatch1.0.2

divxdivx_web_playerMatch1.1

divxdivx_web_playerMatch1.1.0

divxdivx_web_playerMatch1.2

divxdivx_web_playerMatch1.2.0

divxdivx_web_playerMatch1.3

divxdivx_web_playerMatch1.3.0

divxdivx_web_playerMatch1.3.1

divxdivx_web_playerMatch1.4

divxdivx_web_playerMatch1.4.0beta2

divxdivx_web_playerMatch1.4.1beta1

divxdivx_web_playerMatch1.4.2beta2

References

secunia.com/advisories/33196

secunia.com/secunia_research/2008-57/

www.securityfocus.com/archive/1/502701/100/0/threaded

www.securityfocus.com/bid/34523

www.securitytracker.com/id?1022061

www.vupen.com/english/advisories/2009/1044

exchange.xforce.ibmcloud.com/vulnerabilities/49908

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.081 Low

EPSS

Percentile

94.3%

JSON

Related for NVD:CVE-2008-5259

kaspersky1 seebug2 securityvulns2 openvas3 cvelist1 cve1 nessus1 prion1