Lucene search

K
ubuntucveUbuntu.comUB:CVE-2008-5244
HistoryNov 25, 2008 - 12:00 a.m.

CVE-2008-5244

2008-11-2500:00:00
ubuntu.com
ubuntu.com
6

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.141 Low

EPSS

Percentile

95.7%

Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and
attack vectors related to libfaad. NOTE: due to the lack of details, it is
not clear whether this is an issue in xine-lib or in libfaad.

Notes

Author Note
mdeslaur Same AAC issue as the first part of CVE-2008-4610 looks like debian fixed this by building xine-lib with the system faad, which is in universe for us… Tester is lol-vlc.aac. Doesn’t crash intrepid. xine 1.1.15 updated built-in libfaad to get rid of crashers Not sure what to do for older versions…
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchxine-lib< 1.1.1+ubuntu2-7.10UNKNOWN
ubuntu7.10noarchxine-lib< 1.1.7-1ubuntu1.4UNKNOWN
ubuntu8.04noarchxine-lib< 1.1.11.1-1ubuntu3.2UNKNOWN

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.141 Low

EPSS

Percentile

95.7%