CVE-2008-5237

NONE EPSS 91.9%
Published Nov 26, 2008 (17y ago) · Modified Jun 16, 2026 (2w ago)

Description

Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.

Threat Intelligence

EPSS Exploit Probability
91.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-189

Affected Products 39

Vendor  Product  Version    Range
xine    xine     *          ≤1.1.5
xine    xine     0.9.13     any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1          any
xine    xine     1.0        any
xine    xine     1.0.1      any
xine    xine     1.0.2      any
xine    xine     1.0.3a     any
xine    xine     1.1.0      any
xine    xine     1.1.1      any
xine    xine     1.1.2      any
xine    xine     1.1.3      any
xine    xine     1.1.4      any
xine    xine     1.1.10.1   any
xine    xine     1.1.11     any
xine    xine     1.1.11.1   any

References 12

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
  • secunia.com http://secunia.com/advisories/31827
  • secunia.com http://secunia.com/advisories/33544
  • securityreason.com http://securityreason.com/securityalert/4648
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:020
  • ocert.org http://www.ocert.org/analysis/2008-008/analysis.txt
  • securityfocus.com http://www.securityfocus.com/archive/1/495674/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/30797
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/44652
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.