Ubuntu USN-635-1
Aug 06, 2008 - 12:00 a.m.

xine-lib vulnerabilities

2008-08-06 00:00:00
ubuntu.com

AI Score: 8.4 High (Confidence: Low)

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

EPSS: 0.163 Low (Percentile: 96.0%)

Releases

  • Ubuntu 8.04
  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.06

Packages

  • xine-lib -

Details

Alin Rad Pop discovered an array index vulnerability in the SDP
parser. If a user or automated system were tricked into opening a
malicious RTSP stream, a remote attacker may be able to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-0073)

Luigi Auriemma discovered that xine-lib did not properly check
buffer sizes in the RTSP header-handling code. If xine-lib opened an
RTSP stream with crafted SDP attributes, a remote attacker may be
able to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-0225, CVE-2008-0238)

Damian Frizza and Alfredo Ortega discovered that xine-lib did not
properly validate FLAC tags. If a user or automated system were
tricked into opening a crafted FLAC file, a remote attacker may be
able to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-0486)

It was discovered that the ASF demuxer in xine-lib did not properly
check the length of the ASF header. If a user or automated system
were tricked into opening a crafted ASF file, a remote attacker
could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2008-1110)

It was discovered that the Matroska demuxer in xine-lib did not
properly verify frame sizes. If xine-lib opened a crafted ASF file,
a remote attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-1161)

Luigi Auriemma discovered multiple integer overflows in xine-lib. If
a user or automated system were tricked into opening a crafted FLV,
MOV, RM, MVE, MKV or CAK file, a remote attacker may be able to
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-1482)

It was discovered that xine-lib did not properly validate its input
when processing Speex file headers. If a user or automated system
were tricked into opening a specially crafted Speex file, an
attacker could create a denial of service or possibly execute
arbitrary code as the user invoking the program. (CVE-2008-1686)

Guido Landi discovered a stack-based buffer overflow in xine-lib
when processing NSF files. If xine-lib opened a specially crafted
NSF file with a long NSF title, an attacker could create a denial of
service or possibly execute arbitrary code as the user invoking the
program. (CVE-2008-1878)

OS      Version  Architecture  Package                Version                 Filename
Ubuntu  8.04     noarch        libxine1               < 1.1.11.1-1ubuntu3.1   UNKNOWN
Ubuntu  8.04     noarch        libxine-dev            < 1.1.11.1-1ubuntu3.1   UNKNOWN
Ubuntu  8.04     noarch        libxine1-bin           < 1.1.11.1-1ubuntu3.1   UNKNOWN
Ubuntu  8.04     noarch        libxine1-console       < 1.1.11.1-1ubuntu3.1   UNKNOWN
Ubuntu  8.04     noarch        libxine1-dbg           < 1.1.11.1-1ubuntu3.1   UNKNOWN
Ubuntu  8.04     noarch        libxine1-ffmpeg        < 1.1.11.1-1ubuntu3.1   UNKNOWN
Ubuntu  8.04     noarch        libxine1-gnome         < 1.1.11.1-1ubuntu3.1   UNKNOWN
Ubuntu  8.04     noarch        libxine1-misc-plugins  < 1.1.11.1-1ubuntu3.1   UNKNOWN
Ubuntu  8.04     noarch        libxine1-x             < 1.1.11.1-1ubuntu3.1   UNKNOWN
Ubuntu  7.10     noarch        libxine1               < 1.1.7-1ubuntu1.3      UNKNOWN

Rows 1-10 of 241 shown.
