Vulnerability Name: | CVE-2008-5233 (CCN-44639) |
Assigned: | 2008-08-22 |
Published: | 2008-08-22 |
Updated: | 2018-10-11 |
Summary: | xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Low |
|
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Access Complexity (AC): Authentication (Au): | Impact Metrics: | Confidentiality (C): Integrity (I): Availability (A): |
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P) 3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Access Complexity (AC): Authentication (Au): | Impact Metrics: | Confidentiality (C): Integrity (I): Availability (A): |
|
Vulnerability Type: | CWE-119
|
Vulnerability Consequences: | Denial of Service |
References: | Source: MITRE Type: CNA CVE-2008-5233
Source: SUSE Type: UNKNOWN SUSE-SR:2009:004
Source: CCN Type: SA31567 xine-lib Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 31827
Source: SREASON Type: UNKNOWN 4648
Source: CCN Type: SECTRACK ID: 1020703 xine-lib Bugs in Processing Media Files Lets Remote Users Deny Service and Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1020703
Source: CONFIRM Type: UNKNOWN http://sourceforge.net/project/shownotes.php?release_id=619869
Source: CCN Type: GLSA-201006-04 xine-lib: User-assisted execution of arbitrary code
Source: MANDRIVA Type: UNKNOWN MDVSA-2009:020
Source: CCN Type: oCERT Advisories #2008-008 multiple heap overflows in xine-lib
Source: MISC Type: UNKNOWN http://www.ocert.org/analysis/2008-008/analysis.txt
Source: OSVDB Type: UNKNOWN 47747
Source: CCN Type: OSVDB ID: 47747 xine-lib src/demuxers/demux_mod.c open_mod_file() Function Filesize Handling
Source: BUGTRAQ Type: UNKNOWN 20080822 [oCERT-2008-008] multiple heap overflows in xine-lib
Source: BID Type: UNKNOWN 30797
Source: CCN Type: BID-30797 xine-lib 1.1.15 and Prior Multiple Remote Vulnerabilities
Source: CCN Type: USN-710-1 xine-lib vulnerabilities
Source: CCN Type: xine Web site xine - A Free Video Player
Source: XF Type: UNKNOWN xinelib-realparseaudiospecificdata-dos(44639)
Source: XF Type: UNKNOWN xinelib-realparseaudiospecificdata-bo(44639)
Source: XF Type: UNKNOWN xinelib-mymngprocessheader-bo(44648)
Source: XF Type: UNKNOWN xinelib-openmodfile-bo(44649)
Source: FEDORA Type: UNKNOWN FEDORA-2008-7572
Source: FEDORA Type: UNKNOWN FEDORA-2008-7512
Source: SUSE Type: SUSE-SR:2009:004 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration 1: cpe:/a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc0a:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc1:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc2:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc3:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc3a:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc3b:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc3c:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc4:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc4a:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc5:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc6a:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc7:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc8:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.0:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:*:*:*:*:*:*:*:* (Version <= 1.1.14)OR cpe:/a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*OR 
cpe:/a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta12:*:*:*:*:*:*:* Configuration CCN 1: cpe:/a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.0:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc8:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc7:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc6a:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_rc6:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc5:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc4:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc3c:*:*:*:*:*:*AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
|
Vulnerability Name: | CVE-2008-5233 (CCN-44648) |
Assigned: | 2008-08-22 |
Published: | 2008-08-22 |
Updated: | 2008-08-22 |
Summary: | xine-lib is vulnerable to denial of service, caused by improper checking of malloc failures by the mymng_process_header() function. By persuading a victim to open a specially-crafted .RM file, a remote attacker could exploit this vulnerability to cause a denial of service and possibly execute arbitrary code. |
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Low |
|
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Access Complexity (AC): Authentication (Au): | Impact Metrics: | Confidentiality (C): Integrity (I): Availability (A): |
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P) 3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Access Complexity (AC): Authentication (Au): | Impact Metrics: | Confidentiality (C): Integrity (I): Availability (A): |
|
Vulnerability Consequences: | Denial of Service |
References: | Source: MITRE Type: CNA CVE-2008-5233
Source: CCN Type: SA31567 xine-lib Multiple Vulnerabilities
Source: CCN Type: SECTRACK ID: 1020703 xine-lib Bugs in Processing Media Files Lets Remote Users Deny Service and Execute Arbitrary Code
Source: CCN Type: GLSA-201006-04 xine-lib: User-assisted execution of arbitrary code
Source: CCN Type: oCERT Advisories #2008-008 multiple heap overflows in xine-lib
Source: CCN Type: OSVDB ID: 47747 xine-lib src/demuxers/demux_mod.c open_mod_file() Function Filesize Handling
Source: CCN Type: BID-30797 xine-lib 1.1.15 and Prior Multiple Remote Vulnerabilities
Source: CCN Type: USN-710-1 xine-lib vulnerabilities
Source: CCN Type: xine Web site xine - A Free Video Player
Source: XF Type: UNKNOWN xinelib-mymngprocessheader-dos(44648)
Source: SUSE Type: SUSE-SR:2009:004 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration CCN 1: cpe:/a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1.0:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc8:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc7:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc6a:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_rc6:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc5:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc4:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1:rc3c:*:*:*:*:*:*AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
|
Vulnerability Name: | CVE-2008-5233 (CCN-44649) |
Assigned: | 2008-08-22 |
Published: | 2008-08-22 |
Updated: | 2018-10-11 |
Summary: | xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. |
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Low |
|
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Access Complexity (AC): Authentication (Au): | Impact Metrics: | Confidentiality (C): Integrity (I): Availability (A): |
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P) 3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Access Complexity (AC): Authentication (Au): | Impact Metrics: | Confidentiality (C): Integrity (I): Availability (A): |
|
Vulnerability Type: | CWE-119
|
Vulnerability Consequences: | Denial of Service |
References: | Source: MITRE Type: CNA CVE-2008-5233
Source: CCN Type: SA31567 xine-lib Multiple Vulnerabilities
Source: CCN Type: SECTRACK ID: 1020703 xine-lib Bugs in Processing Media Files Lets Remote Users Deny Service and Execute Arbitrary Code
Source: CCN Type: GLSA-201006-04 xine-lib: User-assisted execution of arbitrary code
Source: CCN Type: oCERT Advisories #2008-008 multiple heap overflows in xine-lib
Source: CCN Type: OSVDB ID: 47747 xine-lib src/demuxers/demux_mod.c open_mod_file() Function Filesize Handling
Source: CCN Type: BID-30797 xine-lib 1.1.15 and Prior Multiple Remote Vulnerabilities
Source: CCN Type: USN-710-1 xine-lib vulnerabilities
Source: CCN Type: xine Web site xine - A Free Video Player
Source: XF Type: UNKNOWN xinelib-openmodfile-dos(44649)
Source: SUSE Type: SUSE-SR:2009:004 SUSE Security Summary Report
|