CVE-2009-1274
Ubuntu Security Notice 763-1
Public Exploits: 2
Exploited in Wild: -
Descriptions
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.
Failures in handling Ogg files allow remote attackers to cause a denial of service using crafted files. Failures in handling MNG, Real, or MOD files allow remote attackers to cause a denial of service using crafted files. A heap-based overflow allows remote attackers to execute arbitrary code using Quicktime media files holding crafted metadata. A heap-based overflow allows remote attackers to execute arbitrary code using crafted Matroska or Real media files. Failures in handling MNG or Quicktime files allow remote attackers to cause a denial of service using crafted files. Multiple heap-based overflows in input plugins (http, net, smb, dvd, dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to execute arbitrary code through those input channels. Various other issues have also been addressed. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes these issues.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2009-04-08 CVE Reserved
- 2009-04-08 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-05-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (17)
URL | Tag | Source |
---|---|---|
http://osvdb.org/53288 | Vdb Entry | |
http://secunia.com/advisories/34712 | Third Party Advisory | |
http://secunia.com/advisories/35416 | Third Party Advisory | |
http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=673233 | X_refsource_confirm | |
http://www.securityfocus.com/archive/1/502481/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/34384 | Vdb Entry | |
http://www.securitytracker.com/id?1021989 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/49714 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://bugs.xine-project.org/show_bug.cgi?id=224 | 2024-08-07 | |
http://www.trapkit.de/advisories/TKADV2009-005.txt | 2024-08-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Xine | Xine-lib | 1.1.0 | - | Affected |
Xine | Xine-lib | 1.1.1 | - | Affected |
Xine | Xine-lib | 1.1.10 | - | Affected |
Xine | Xine-lib | 1.1.10.1 | - | Affected |
Xine | Xine-lib | 1.1.11 | - | Affected |
Xine | Xine-lib | 1.1.11.1 | - | Affected |
Xine | Xine-lib | 1.1.12 | - | Affected |
Xine | Xine-lib | 1.1.13 | - | Affected |
Xine | Xine-lib | 1.1.14 | - | Affected |
Xine | Xine-lib | 1.1.15 | - | Affected |
Xine | Xine-lib | 1.1.16.1 | - | Affected |
Xine | Xine-lib | 1.1.16.2 | - | Affected |