CVE-2008-5238

Published: Nov 26, 2008Modified: Apr 23, 2026

7.1

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability: 8.6 / Impact: 6.9

Source: NVD

Description

Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field.

Affected (39)

Products: Xine: Xine

1 product

Configuration A

39 vulnerable

Vulnerable Software	Affected Versions
Xine Xine	Up to 1.1.14
Xine Xine	Version 0.9.13
Xine Xine	Version 1.0.1
Xine Xine	Version 1.0.2
Xine Xine	Version 1.0.3a
Xine Xine	Version 1.0
Xine Xine	Version 1.1.0
Xine Xine	Version 1.1.10.1
Xine Xine	Version 1.1.11.1
Xine Xine	Version 1.1.11
Xine Xine	Version 1.1.1
Xine Xine	Version 1.1.2
Xine Xine	Version 1.1.3
Xine Xine	Version 1.1.4
Xine Xine	Version 1 beta10
Xine Xine	Version 1 beta11
Xine Xine	Version 1 beta12
Xine Xine	Version 1 beta1
Xine Xine	Version 1 beta2
Xine Xine	Version 1 beta3
Xine Xine	Version 1 beta4
Xine Xine	Version 1 beta5
Xine Xine	Version 1 beta6
Xine Xine	Version 1 beta7
Xine Xine	Version 1 beta8
Xine Xine	Version 1 beta9
Xine Xine	Version 1 rc0a
Xine Xine	Version 1 rc1
Xine Xine	Version 1 rc2
Xine Xine	Version 1 rc3
Xine Xine	Version 1 rc3a
Xine Xine	Version 1 rc3b
Xine Xine	Version 1 rc3c
Xine Xine	Version 1 rc4
Xine Xine	Version 1 rc4a
Xine Xine	Version 1 rc5
Xine Xine	Version 1 rc6a
Xine Xine	Version 1 rc7
Xine Xine	Version 1 rc8

Related CWEs

References (22)

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Source: cve@mitre.org

http://secunia.com/advisories/31827

Source: cve@mitre.org

http://securityreason.com/securityalert/4648

Source: cve@mitre.org

http://securitytracker.com/id?1020703

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=619869

Source: cve@mitre.org

http://www.ocert.org/analysis/2008-008/analysis.txt

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/495674/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/30797

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/44650

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31827

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/4648

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1020703

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/project/shownotes.php?release_id=619869

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ocert.org/analysis/2008-008/analysis.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/495674/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30797

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/44650

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.