CVE-2008-5245
Mandriva Linux Security Advisory 2009-020
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.
xine-lib anterior a 1.1.15 realiza marcos de video V4L preasignados antes del establecimiento de la longitud requerida, la cuál tiene un impacto y vectores de ataque desconocidos, posiblemente relacionado con un desbordamiento de búfer en la función open_video_capture_device en src/input/input_v4l.c.
Failure on Ogg files manipulation can lead remote attackers to cause a denial of service by using crafted files. Failure on manipulation of either MNG or Real or MOD files can lead remote attackers to cause a denial of service by using crafted files. Heap-based overflow allows remote attackers to execute arbitrary code by using Quicktime media files holding crafted metadata. Heap-based overflow allows remote attackers to execute arbitrary code by using either crafted Matroska or Real media files. Failure on manipulation of either MNG or Quicktime files can lead remote attackers to cause a denial of service by using crafted files. Multiple heap-based overflow on input plugins (http, net, smb, dvd, dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to execute arbitrary code by handling that input channels. Various other issues have also been addressed. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes these issues.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-11-25 CVE Reserved
- 2008-11-26 CVE Published
- 2024-08-07 CVE Updated
- 2025-07-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1020703 | Vdb Entry | |
| http://sourceforge.net/project/shownotes.php?release_id=619869 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/30698 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/2382 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44470 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | 2017-08-08 | |
| http://secunia.com/advisories/31502 | 2017-08-08 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | <= 1.1.14 Search vendor "Xine" for product "Xine-lib" and version " <= 1.1.14" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 0.9.13 Search vendor "Xine" for product "Xine-lib" and version "0.9.13" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc0a |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc1 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc2 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc3 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc3a |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc3b |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc3c |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc4 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc4a |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc5 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc6a |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc7 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc8 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.0 Search vendor "Xine" for product "Xine-lib" and version "1.0" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.0.1 Search vendor "Xine" for product "Xine-lib" and version "1.0.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.0.2 Search vendor "Xine" for product "Xine-lib" and version "1.0.2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.0.3a Search vendor "Xine" for product "Xine-lib" and version "1.0.3a" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.0 Search vendor "Xine" for product "Xine-lib" and version "1.1.0" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.1 Search vendor "Xine" for product "Xine-lib" and version "1.1.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.2 Search vendor "Xine" for product "Xine-lib" and version "1.1.2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.3 Search vendor "Xine" for product "Xine-lib" and version "1.1.3" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.4 Search vendor "Xine" for product "Xine-lib" and version "1.1.4" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.5 Search vendor "Xine" for product "Xine-lib" and version "1.1.5" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.6 Search vendor "Xine" for product "Xine-lib" and version "1.1.6" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.7 Search vendor "Xine" for product "Xine-lib" and version "1.1.7" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.8 Search vendor "Xine" for product "Xine-lib" and version "1.1.8" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.9 Search vendor "Xine" for product "Xine-lib" and version "1.1.9" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.9.1 Search vendor "Xine" for product "Xine-lib" and version "1.1.9.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.10 Search vendor "Xine" for product "Xine-lib" and version "1.1.10" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.10.1 Search vendor "Xine" for product "Xine-lib" and version "1.1.10.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.11 Search vendor "Xine" for product "Xine-lib" and version "1.1.11" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.11.1 Search vendor "Xine" for product "Xine-lib" and version "1.1.11.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.12 Search vendor "Xine" for product "Xine-lib" and version "1.1.12" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.13 Search vendor "Xine" for product "Xine-lib" and version "1.1.13" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta1 Search vendor "Xine" for product "Xine-lib" and version "1_beta1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta2 Search vendor "Xine" for product "Xine-lib" and version "1_beta2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta3 Search vendor "Xine" for product "Xine-lib" and version "1_beta3" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta4 Search vendor "Xine" for product "Xine-lib" and version "1_beta4" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta5 Search vendor "Xine" for product "Xine-lib" and version "1_beta5" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta6 Search vendor "Xine" for product "Xine-lib" and version "1_beta6" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta7 Search vendor "Xine" for product "Xine-lib" and version "1_beta7" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta8 Search vendor "Xine" for product "Xine-lib" and version "1_beta8" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta9 Search vendor "Xine" for product "Xine-lib" and version "1_beta9" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta10 Search vendor "Xine" for product "Xine-lib" and version "1_beta10" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta11 Search vendor "Xine" for product "Xine-lib" and version "1_beta11" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta12 Search vendor "Xine" for product "Xine-lib" and version "1_beta12" | - |
Affected
| ||||||