CVE-2008-5237

2008-11-2600:00:00

ubuntu.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.044 Low

EPSS

Percentile

92.5%

JSON

Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier
versions, allow remote attackers to cause a denial of service (crash) or
possibly execute arbitrary code via (1) crafted width and height values
that are not validated by the mymng_process_header function in demux_mng.c
before use in an allocation calculation or (2) crafted current_atom_size
and string_size values processed by the parse_reference_atom function in
demux_qt.c for an RDRF_ATOM string.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchxine-lib< 1.1.1+ubuntu2-7.10UNKNOWN
ubuntu7.10noarchxine-lib< 1.1.7-1ubuntu1.4UNKNOWN
ubuntu8.04noarchxine-lib< 1.1.11.1-1ubuntu3.2UNKNOWN
ubuntu8.10noarchxine-lib< 1.1.15-0ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	xine-lib	< 1.1.1+ubuntu2-7.10	UNKNOWN
ubuntu	7.10	noarch	xine-lib	< 1.1.7-1ubuntu1.4	UNKNOWN
ubuntu	8.04	noarch	xine-lib	< 1.1.11.1-1ubuntu3.2	UNKNOWN
ubuntu	8.10	noarch	xine-lib	< 1.1.15-0ubuntu3.1	UNKNOWN