Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1110: Improper Restriction of Operations within the Bounds of a Memory Buffer in Xine-lib

Severity: 6.8 MEDIUM (NVD); CNA: 7.5
EPSS: 8.1% (top 7.85%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Feb 29; Latest update May 1

Description

Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

NVD: xine/xine-plugin 1.1.9
NVD: xine/xine-lib 1.1.9

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-fccg-vfm7-whwm: Buffer overflow in demuxers/demux_asf (2022-05-01)
CVEList: CVE-2008-1110: Buffer overflow in demuxers/demux_asf (2008-02-29)

💥 Exploits & PoCs (1)

Exploit-DB: Libxine 1.14 - MPEG Stream Buffer Overflow (PoC) (2006-04-04)

📋 Vendor Advisories (1)

Ubuntu: xine-lib vulnerabilities (2008-08-06)
CVE-2008-1110 — Xine Xine-lib vulnerability | cvebase