fkie_nvd - fkie_cve-2008-5237

fkie_cve-2008-5237

Vulnerability from fkie_nvd

Published

2008-11-26 01:30

Modified

2024-11-21 00:53

Severity ?

Summary

Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.

References

▼	URL	Tags
	cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
	cve@mitre.org	http://secunia.com/advisories/31827
	cve@mitre.org	http://secunia.com/advisories/33544
	cve@mitre.org	http://securityreason.com/securityalert/4648
	cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:020
	cve@mitre.org	http://www.ocert.org/analysis/2008-008/analysis.txt
	cve@mitre.org	http://www.securityfocus.com/archive/1/495674/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/30797
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/44652
	cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
	cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html
	cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31827
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33544
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4648
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:020
	af854a3a-2127-422b-91ae-364da2661108	http://www.ocert.org/analysis/2008-008/analysis.txt
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/495674/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30797
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44652
	af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
	af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html
	af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html

Impacted products

Vendor	Product	Version
xine	xine	*
xine	xine	0.9.13
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1
xine	xine	1.0
xine	xine	1.0.1
xine	xine	1.0.2
xine	xine	1.0.3a
xine	xine	1.1.0
xine	xine	1.1.1
xine	xine	1.1.2
xine	xine	1.1.3
xine	xine	1.1.4
xine	xine	1.1.10.1
xine	xine	1.1.11
xine	xine	1.1.11.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xine:xine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E2289A-767D-445B-8AF5-4201E3806F78",
              "versionEndIncluding": "1.1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A119AB14-EDB5-4C79-9058-60E610636728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "44C4B2D6-DBAE-46CF-BE49-FC221B340726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta11:*:*:*:*:*:*",
              "matchCriteriaId": "197D04B5-8053-484F-A070-894BC9611C43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta12:*:*:*:*:*:*",
              "matchCriteriaId": "B2B22E87-6736-4C5B-A1A6-A3EA0064C10D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "4F2CD2BA-DFFD-4A9C-8B09-4793BB723717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "B993E680-B4FE-4DE5-800C-1E6B7C44849A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7100421-9BF9-4A07-AD54-C3D9CDCFBF90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "D6BE4F65-E942-4259-94E3-95E7F95B2E9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "4DCD596C-B080-4A98-BF14-57DDC370CCEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "4272CD6A-E384-4035-A09A-C63927191CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "1D5828FA-6320-4983-AA70-ADFE9B475EAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "6E12B75F-1820-42F9-8B7C-3024D5C37B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc0a:*:*:*:*:*:*",
              "matchCriteriaId": "31B68858-0176-4CB0-B015-256EC1796D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "41844D73-EE25-4835-A9C5-08AADDA2CE62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "52EFFE9E-6A25-4A27-B483-96AA4A7C7660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FCB9BA4F-0814-45C4-93C8-04DBFF8FC8D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc3a:*:*:*:*:*:*",
              "matchCriteriaId": "8D49B22F-8C56-4842-8DE7-36011523E150",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc3b:*:*:*:*:*:*",
              "matchCriteriaId": "4B643DB4-63D2-4BA1-89B4-2EF813771718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc3c:*:*:*:*:*:*",
              "matchCriteriaId": "C4FC619B-E611-4996-A12B-37830FD5B91B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "61D3DB46-02A6-4D63-B052-2458FB181DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc4a:*:*:*:*:*:*",
              "matchCriteriaId": "5083B06C-C9B2-4011-B8B0-23FECE2DD100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A03425FA-BB45-4FF4-B551-2A63129BDFC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc6a:*:*:*:*:*:*",
              "matchCriteriaId": "A9B68EA2-EBCA-4272-B43E-9C2916447869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "C609073D-30DF-42BF-B515-773205601FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "DD535324-2B5B-4535-A33B-29487F8FA4CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "234EF75C-C5AA-4FAA-85C7-77EFBB35AF61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB02215-E511-4974-8AE3-834CAE630D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "449D32E9-C204-4429-8DE5-9677BEC1DEFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.0.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC157F9-D90C-4457-A17B-A4DB52E92855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "856C23D9-14FC-4264-B85B-1E0D67FA73B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89C1C896-C115-451D-840A-2DE3430B6D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "464603A5-ECBE-486A-BFC9-921D0B4D39D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E0A1D4E-A0C5-4063-A354-1D8782A89A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2A24E4-CB4A-4D71-804F-63DA24563D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FB6DB2-E29D-48E2-A092-B9D99230C383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "06E97F97-F3E4-48F8-BC24-E88AF98B93A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCA9DB3-5F48-4078-84D2-CC65E04058F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de entero en xine-lib 1.1.12, y otros 1.1.15 y versiones anteriores, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) valores de altura y anchura manipulados que no se validan por al funci\u00f3n mymng_process_header en demux_mng.c antes de usarse en un c\u00e1lculo de asignaci\u00f3n o (2)valores current_atom_size y string_size manipulados procesados por la funci\u00f3n arse_reference_atom en demux_qt.c."
    }
  ],
  "id": "CVE-2008-5237",
  "lastModified": "2024-11-21T00:53:37.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-11-26T01:30:00.547",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31827"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33544"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4648"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30797"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44652"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2008-5237

Vulnerability from cvelistv5

Published

2008-11-26 01:00

Modified

2024-08-07 10:49