CVE-2008-5236

NONE EPSS 92.1%
Published Nov 26, 200817y ago · Modified Jun 16, 20262w ago
Find Similar
Published Nov 26, 2008 17y ago
Last Modified Jun 16, 2026 2w ago

Description

Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15.

Threat Intelligence

EPSS Exploit Probability
92.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety

Affected Products 39

VendorProductVersionRange
xinexine* ≤1.1.5
xinexine0.9.13any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1any
xinexine1.0any
xinexine1.0.1any
xinexine1.0.2any
xinexine1.0.3aany
xinexine1.1.0any
xinexine1.1.1any
xinexine1.1.2any
xinexine1.1.3any
xinexine1.1.4any
xinexine1.1.10.1any
xinexine1.1.11any
xinexine1.1.11.1any

References 19

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
  • secunia.com http://secunia.com/advisories/31502
  • secunia.com http://secunia.com/advisories/31567
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/31827
  • secunia.com http://secunia.com/advisories/33544
  • securityreason.com http://securityreason.com/securityalert/4648
  • sourceforge.net http://sourceforge.net/project/shownotes.php?release_id=619869
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:020
  • ocert.org http://www.ocert.org/analysis/2008-008/analysis.txt
  • osvdb.org http://www.osvdb.org/47744
  • securityfocus.com http://www.securityfocus.com/archive/1/495674/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/30797
  • vupen.com http://www.vupen.com/english/advisories/2008/2382
  • vupen.com http://www.vupen.com/english/advisories/2008/2427
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/44634
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/44642
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.