CVE-2008-5243
Mandriva Linux Security Advisory 2009-020
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.
La función real_parse_headers en demux_real.c en xine-lib 1.1.12, y otras v1.1.15 y versiones anteriores, confía en un valor de longitud de entrada no confiable a "reindexar en un búfer asignado", lo que permite a atacantes remotos provocar una denegación de servicio (caída) mediante un valor manipulado, probablemente un error de índice de array.
Failure on Ogg files manipulation can lead remote attackers to cause a denial of service by using crafted files. Failure on manipulation of either MNG or Real or MOD files can lead remote attackers to cause a denial of service by using crafted files. Heap-based overflow allows remote attackers to execute arbitrary code by using Quicktime media files holding crafted metadata. Heap-based overflow allows remote attackers to execute arbitrary code by using either crafted Matroska or Real media files. Failure on manipulation of either MNG or Quicktime files can lead remote attackers to cause a denial of service by using crafted files. Multiple heap-based overflow on input plugins (http, net, smb, dvd, dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to execute arbitrary code by handling that input channels. Various other issues have also been addressed. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes these issues.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-11-25 CVE Reserved
- 2008-11-26 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/31827 | Third Party Advisory | |
| http://secunia.com/advisories/33544 | Third Party Advisory | |
| http://securityreason.com/securityalert/4648 | Third Party Advisory | |
| http://www.ocert.org/analysis/2008-008/analysis.txt | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/495674/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/30797 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44658 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | <= 1.1.15 Search vendor "Xine" for product "Xine-lib" and version " <= 1.1.15" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 0.9.13 Search vendor "Xine" for product "Xine-lib" and version "0.9.13" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc0a |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc1 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc2 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc3 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc3a |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc3b |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc3c |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc4 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc4a |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc5 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc6a |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc7 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc8 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.0 Search vendor "Xine" for product "Xine-lib" and version "1.0" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.0.1 Search vendor "Xine" for product "Xine-lib" and version "1.0.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.0.2 Search vendor "Xine" for product "Xine-lib" and version "1.0.2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.0.3a Search vendor "Xine" for product "Xine-lib" and version "1.0.3a" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.0 Search vendor "Xine" for product "Xine-lib" and version "1.1.0" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.1 Search vendor "Xine" for product "Xine-lib" and version "1.1.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.2 Search vendor "Xine" for product "Xine-lib" and version "1.1.2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.3 Search vendor "Xine" for product "Xine-lib" and version "1.1.3" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.4 Search vendor "Xine" for product "Xine-lib" and version "1.1.4" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.5 Search vendor "Xine" for product "Xine-lib" and version "1.1.5" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.6 Search vendor "Xine" for product "Xine-lib" and version "1.1.6" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.7 Search vendor "Xine" for product "Xine-lib" and version "1.1.7" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.8 Search vendor "Xine" for product "Xine-lib" and version "1.1.8" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.9 Search vendor "Xine" for product "Xine-lib" and version "1.1.9" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.9.1 Search vendor "Xine" for product "Xine-lib" and version "1.1.9.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.10 Search vendor "Xine" for product "Xine-lib" and version "1.1.10" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.10.1 Search vendor "Xine" for product "Xine-lib" and version "1.1.10.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.11 Search vendor "Xine" for product "Xine-lib" and version "1.1.11" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.11.1 Search vendor "Xine" for product "Xine-lib" and version "1.1.11.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.12 Search vendor "Xine" for product "Xine-lib" and version "1.1.12" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.13 Search vendor "Xine" for product "Xine-lib" and version "1.1.13" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.14 Search vendor "Xine" for product "Xine-lib" and version "1.1.14" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta1 Search vendor "Xine" for product "Xine-lib" and version "1_beta1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta2 Search vendor "Xine" for product "Xine-lib" and version "1_beta2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta3 Search vendor "Xine" for product "Xine-lib" and version "1_beta3" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta4 Search vendor "Xine" for product "Xine-lib" and version "1_beta4" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta5 Search vendor "Xine" for product "Xine-lib" and version "1_beta5" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta6 Search vendor "Xine" for product "Xine-lib" and version "1_beta6" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta7 Search vendor "Xine" for product "Xine-lib" and version "1_beta7" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta8 Search vendor "Xine" for product "Xine-lib" and version "1_beta8" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta9 Search vendor "Xine" for product "Xine-lib" and version "1_beta9" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta10 Search vendor "Xine" for product "Xine-lib" and version "1_beta10" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta11 Search vendor "Xine" for product "Xine-lib" and version "1_beta11" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta12 Search vendor "Xine" for product "Xine-lib" and version "1_beta12" | - |
Affected
| ||||||