CVE-2008-5246
Mandriva Linux Security Advisory 2009-020
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Múltiples desbordamientos de búfer basados en montículo en xine-lib anterior a 1.1.15; permiten a atacantes remotos ejecutar código de su elección a a través de vectores que envían datos ID3 a las funciones (1) id3v22_interp_frame Y (2) id3v24_interp_frame en src/demuxers/id3.c. NOTA: El origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros.
Failure on Ogg files manipulation can lead remote attackers to cause a denial of service by using crafted files. Failure on manipulation of either MNG or Real or MOD files can lead remote attackers to cause a denial of service by using crafted files. Heap-based overflow allows remote attackers to execute arbitrary code by using Quicktime media files holding crafted metadata. Heap-based overflow allows remote attackers to execute arbitrary code by using either crafted Matroska or Real media files. Failure on manipulation of either MNG or Quicktime files can lead remote attackers to cause a denial of service by using crafted files. Multiple heap-based overflow on input plugins (http, net, smb, dvd, dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to execute arbitrary code by handling that input channels. Various other issues have also been addressed. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes these issues.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-11-25 CVE Reserved
- 2008-11-26 CVE Published
- 2024-08-07 CVE Updated
- 2025-04-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/47677 | Vdb Entry | |
| http://securitytracker.com/id?1020703 | Vdb Entry | |
| http://sourceforge.net/project/shownotes.php?release_id=619869 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/30698 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/2382 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44468 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | 2017-08-08 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | <= 1.1.14 Search vendor "Xine" for product "Xine-lib" and version " <= 1.1.14" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 0.9.13 Search vendor "Xine" for product "Xine-lib" and version "0.9.13" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc0a |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc1 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc2 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc3 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc3a |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc3b |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc3c |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc4 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc4a |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc5 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc6a |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc7 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1 Search vendor "Xine" for product "Xine-lib" and version "1" | rc8 |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.0 Search vendor "Xine" for product "Xine-lib" and version "1.0" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.0.1 Search vendor "Xine" for product "Xine-lib" and version "1.0.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.0.2 Search vendor "Xine" for product "Xine-lib" and version "1.0.2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.0.3a Search vendor "Xine" for product "Xine-lib" and version "1.0.3a" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.0 Search vendor "Xine" for product "Xine-lib" and version "1.1.0" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.1 Search vendor "Xine" for product "Xine-lib" and version "1.1.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.2 Search vendor "Xine" for product "Xine-lib" and version "1.1.2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.3 Search vendor "Xine" for product "Xine-lib" and version "1.1.3" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.4 Search vendor "Xine" for product "Xine-lib" and version "1.1.4" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.5 Search vendor "Xine" for product "Xine-lib" and version "1.1.5" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.6 Search vendor "Xine" for product "Xine-lib" and version "1.1.6" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.7 Search vendor "Xine" for product "Xine-lib" and version "1.1.7" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.8 Search vendor "Xine" for product "Xine-lib" and version "1.1.8" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.9 Search vendor "Xine" for product "Xine-lib" and version "1.1.9" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.9.1 Search vendor "Xine" for product "Xine-lib" and version "1.1.9.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.10 Search vendor "Xine" for product "Xine-lib" and version "1.1.10" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.10.1 Search vendor "Xine" for product "Xine-lib" and version "1.1.10.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.11 Search vendor "Xine" for product "Xine-lib" and version "1.1.11" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.11.1 Search vendor "Xine" for product "Xine-lib" and version "1.1.11.1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.12 Search vendor "Xine" for product "Xine-lib" and version "1.1.12" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1.1.13 Search vendor "Xine" for product "Xine-lib" and version "1.1.13" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta1 Search vendor "Xine" for product "Xine-lib" and version "1_beta1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta2 Search vendor "Xine" for product "Xine-lib" and version "1_beta2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta3 Search vendor "Xine" for product "Xine-lib" and version "1_beta3" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta4 Search vendor "Xine" for product "Xine-lib" and version "1_beta4" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta5 Search vendor "Xine" for product "Xine-lib" and version "1_beta5" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta6 Search vendor "Xine" for product "Xine-lib" and version "1_beta6" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta7 Search vendor "Xine" for product "Xine-lib" and version "1_beta7" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta8 Search vendor "Xine" for product "Xine-lib" and version "1_beta8" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta9 Search vendor "Xine" for product "Xine-lib" and version "1_beta9" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta10 Search vendor "Xine" for product "Xine-lib" and version "1_beta10" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta11 Search vendor "Xine" for product "Xine-lib" and version "1_beta11" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta12 Search vendor "Xine" for product "Xine-lib" and version "1_beta12" | - |
Affected
| ||||||