CVE-2008-3231

Published: Jul 18, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.

Affected (38)

Products: Xine: Xine Lib

1 product

Configuration A

38 vulnerable

Vulnerable Software	Affected Versions
Xine Xine Lib	Up to 1.1.14
Xine Xine Lib	Version 0.9.13
Xine Xine Lib	Version 0.9.8
Xine Xine Lib	Version 0.99
Xine Xine Lib	Version 1.0.1
Xine Xine Lib	Version 1.0.2
Xine Xine Lib	Version 1.0.3a
Xine Xine Lib	Version 1.0
Xine Xine Lib	Version 1.1.0
Xine Xine Lib	Version 1.1.10.1
Xine Xine Lib	Version 1.1.10
Xine Xine Lib	Version 1.1.11.1
Xine Xine Lib	Version 1.1.11
Xine Xine Lib	Version 1.1.12
Xine Xine Lib	Version 1.1.13
Xine Xine Lib	Version 1.1.1
Xine Xine Lib	Version 1.1.2
Xine Xine Lib	Version 1.1.3
Xine Xine Lib	Version 1.1.4
Xine Xine Lib	Version 1.1.5
Xine Xine Lib	Version 1.1.6
Xine Xine Lib	Version 1.1.7
Xine Xine Lib	Version 1.1.8
Xine Xine Lib	Version 1.1.9.1
Xine Xine Lib	Version 1.1.9
Xine Xine Lib	Version 1 rc0a
Xine Xine Lib	Version 1 rc1
Xine Xine Lib	Version 1 rc2
Xine Xine Lib	Version 1 rc3
Xine Xine Lib	Version 1 rc3a
Xine Xine Lib	Version 1 rc3b
Xine Xine Lib	Version 1 rc3c
Xine Xine Lib	Version 1 rc4
Xine Xine Lib	Version 1 rc4a
Xine Xine Lib	Version 1 rc5
Xine Xine Lib	Version 1 rc6a
Xine Xine Lib	Version 1 rc7
Xine Xine Lib	Version 1 rc8

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Source: cve@mitre.org

http://secunia.com/advisories/31827

Source: cve@mitre.org

Vendor Advisory

http://sourceforge.net/project/shownotes.php?release_id=619869

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:020

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2008/07/13/3

Source: cve@mitre.org

http://www.securityfocus.com/bid/30699

Source: cve@mitre.org

ExploitPatch

http://www.securitytracker.com/id?1020703

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2382

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/44040

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31827

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://sourceforge.net/project/shownotes.php?release_id=619869

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:020

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2008/07/13/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30699

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.securitytracker.com/id?1020703

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2382

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/44040

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.