CVE-2008-0238 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Xine-lib

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
7.5HIGHNVD
CNA6.4
EPSS
2.6%
top 14.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Xine Xine-lib
Timeline
PublishedJan 11
Latest updateMay 1

Description

Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

â–¶NVDxine/xine-lib1.1.9

🔴Vulnerability Details

2
GHSA
GHSA-m33x-fw9w-58g9: Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff↗2022-05-01
â–¶
CVEList
CVE-2008-0238: Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff↗2008-01-11
â–¶

📋Vendor Advisories

2
Ubuntu
xine-lib vulnerabilities↗2008-08-06
â–¶
Red Hat
xine-lib: SDP attributes buffer overflow↗2008-01-09
â–¶

💬Community

1
Bugzilla
CVE-2008-0238 xine-lib: SDP attributes buffer overflow↗2008-01-14
â–¶
CVE-2008-0238 — Xine Xine-lib vulnerability | cvebase