4 matches found
SUSE CVE-2008-5242
demuxqt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSDATOM atom allocation, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted media file...
openSUSE Security Update : xine-devel (xine-devel-483)
This update of xine fixes multiple buffer overflows while parsing files : - CVE-2008-3231 - CVE-2008-5233 - CVE-2008-5234 - CVE-2008-5235 - CVE-2008-5236 - CVE-2008-5237 - CVE-2008-5238 - CVE-2008-5239 - CVE-2008-5240 - CVE-2008-5241 - CVE-2008-5242 - CVE-2008-5243 - CVE-2008-5244 - CVE-2008-5245...
openSUSE 10 Security Update : xine-devel (xine-devel-5966)
This update of xine fixes multiple buffer overflows while parsing files : - CVE-2008-3231 - CVE-2008-5233 - CVE-2008-5234 - CVE-2008-5235 - CVE-2008-5236 - CVE-2008-5237 - CVE-2008-5238 - CVE-2008-5239 - CVE-2008-5240 - CVE-2008-5241 - CVE-2008-5242 - CVE-2008-5243 - CVE-2008-5244 - CVE-2008-5245...
CVE-2008-5242
The CVE-2008-5242 issue affects xine-lib up to 1.1.12/1.1.15, where demux_qt.c does not validate the count before calloc for STSD_ATOM, allowing a crafted media file to cause a denial of service and possibly execute arbitrary code. Publicly documented impacts include remote code execution in the ...