Showing 1 - 3 of 3

CVE-2008-5248

Status Candidate

Overview

xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."

Gentoo Linux Security Advisory 201006-4: Posted Jun 2, 2010; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201006-4 - Multiple vulnerabilities in xine-lib might result in the remote execution of arbitrary code. Multiple vulnerabilities have been reported in xine-lib. Versions less than 1.1.16.3 are affected.; tags | advisory, remote, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2008-3231, CVE-2008-5233, CVE-2008-5234, CVE-2008-5235, CVE-2008-5236, CVE-2008-5237, CVE-2008-5238, CVE-2008-5239, CVE-2008-5240, CVE-2008-5241, CVE-2008-5242, CVE-2008-5243, CVE-2008-5244, CVE-2008-5245, CVE-2008-5246, CVE-2008-5247, CVE-2008-5248, CVE-2009-0698; SHA-256 | 3d573a1bf8635f59a558d880f1824403c79842bfc90c6d34a2e2239ac6a931c0; Download | Favorite | View

Mandriva Linux Security Advisory 2009-298: Posted Nov 17, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-298 - xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via mp3 files with metadata consisting only of separators. Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow. Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385. This update fixes these issues.; tags | advisory, remote, denial of service, overflow, arbitrary; systems | linux, mandriva; advisories | CVE-2008-5248, CVE-2009-1274, CVE-2009-0698; SHA-256 | 5d042dccc94ef37a7d0408f534588f6948d25d09047cfc5837da14932f9f6036; Download | Favorite | View

Ubuntu Security Notice 710-1: Posted Jan 26, 2009; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice USN-710-1 - A large amount of xine-lib vulnerabilities have been addressed in a package update. The issues addressed range from denial of service to arbitrary code execution vulnerabilities.; tags | advisory, denial of service, arbitrary, vulnerability, code execution; systems | linux, ubuntu; advisories | CVE-2008-3231, CVE-2008-5233, CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5238, CVE-2008-5239, CVE-2008-5240, CVE-2008-5241, CVE-2008-5242, CVE-2008-5243, CVE-2008-5244, CVE-2008-5246, CVE-2008-5248; SHA-256 | 7a57d4c1776774d0d20e16a7e70f2bd1e115b441a773f80d44141450b4576de4; Download | Favorite | View

Page 1 of 1 Back 1 Next