Lucene search
Ubuntu.comUB:CVE-2008-5242HistoryNov 25, 2008 - 12:00 a.m.
CVE-2008-5242
2008-11-2500:00:00
ubuntu.com
ubuntu.com
12
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.028 Low
EPSS
Percentile
90.4%
demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does
not validate the count field before calling calloc for STSD_ATOM atom
allocation, which allows remote attackers to cause a denial of service
(crash) or possibly execute arbitrary code via a crafted media file.
Notes
| Author | Note |
|---|---|
| mdeslaur | combined with fix for CVE-2008-5234 |
References
Related
prion
prion
Heap overflow
2008-11-26 01:30:00
Code injection
2008-11-26 01:30:00
cve
cve
CVE-2008-5242
2008-11-26 01:30:00
CVE-2008-5234
2008-11-26 01:30:00
ubuntucve
ubuntucve
CVE-2008-5246
2008-11-26 00:00:00
CVE-2008-5234
2008-11-26 00:00:00
openvas
openvas
FreeBSD Ports: libxine
2009-05-20 00:00:00
FreeBSD Ports: libxine
2009-05-20 00:00:00
Ubuntu: Security Advisory (USN-710-1)
2009-02-02 00:00:00
nessus
nessus
FreeBSD : libxine -- multiple vulnerabilities (51d1d428-42f0-11de-ad22-000e35248ad7)
2009-05-18 00:00:00
Fedora 9 : xine-lib-1.1.15-1.fc9 (2008-7512)
2008-09-10 00:00:00
Fedora 8 : xine-lib-1.1.15-1.fc8 (2008-7572)
2008-09-10 00:00:00
freebsd
freebsd
libxine -- multiple vulnerabilities
2009-02-15 00:00:00
ubuntu
ubuntu
xine-lib vulnerabilities
2009-01-26 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: xine-lib-1.1.16-1.fc10
2009-01-15 03:02:41
[SECURITY] Fedora 9 Update: xine-lib-1.1.16-1.fc9.1
2009-01-15 03:07:21
gentoo
gentoo
xine-lib: User-assisted execution of arbitrary code
2010-06-01 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.028 Low
EPSS
Percentile
90.4%
Related for UB:CVE-2008-5242