CVE-2008-5237

Published: Nov 26, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.

Affected (39)

Products: Xine: Xine

1 product

Configuration A

39 vulnerable

Vulnerable Software	Affected Versions
Xine Xine	Up to 1.1.5
Xine Xine	Version 0.9.13
Xine Xine	Version 1.0.1
Xine Xine	Version 1.0.2
Xine Xine	Version 1.0.3a
Xine Xine	Version 1.0
Xine Xine	Version 1.1.0
Xine Xine	Version 1.1.10.1
Xine Xine	Version 1.1.11.1
Xine Xine	Version 1.1.11
Xine Xine	Version 1.1.1
Xine Xine	Version 1.1.2
Xine Xine	Version 1.1.3
Xine Xine	Version 1.1.4
Xine Xine	Version 1 beta10
Xine Xine	Version 1 beta11
Xine Xine	Version 1 beta12
Xine Xine	Version 1 beta1
Xine Xine	Version 1 beta2
Xine Xine	Version 1 beta3
Xine Xine	Version 1 beta4
Xine Xine	Version 1 beta5
Xine Xine	Version 1 beta6
Xine Xine	Version 1 beta7
Xine Xine	Version 1 beta8
Xine Xine	Version 1 beta9
Xine Xine	Version 1 rc0a
Xine Xine	Version 1 rc1
Xine Xine	Version 1 rc2
Xine Xine	Version 1 rc3
Xine Xine	Version 1 rc3a
Xine Xine	Version 1 rc3b
Xine Xine	Version 1 rc3c
Xine Xine	Version 1 rc4
Xine Xine	Version 1 rc4a
Xine Xine	Version 1 rc5
Xine Xine	Version 1 rc6a
Xine Xine	Version 1 rc7
Xine Xine	Version 1 rc8

Related CWEs

References (24)

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Source: cve@mitre.org

http://secunia.com/advisories/31827

Source: cve@mitre.org

http://secunia.com/advisories/33544

Source: cve@mitre.org

http://securityreason.com/securityalert/4648

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:020

Source: cve@mitre.org

http://www.ocert.org/analysis/2008-008/analysis.txt

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/495674/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/30797

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/44652

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31827

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33544

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/4648

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:020

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ocert.org/analysis/2008-008/analysis.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/495674/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30797

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/44652

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.