Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1482Improper Restriction of Operations within the Bounds of a Memory Buffer in Xine-lib

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-1897 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
2.0%
top 16.19%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Xine Xine-lib
Timeline
PublishedMar 24
Latest updateMay 1

Description

Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, whi

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDxine/xine-lib1.1.11

🔴Vulnerability Details

2
GHSA
GHSA-7vf8-639x-9hxv: Multiple integer overflows in xine-lib 12022-05-01
CVEList
CVE-2008-1482: Multiple integer overflows in xine-lib 12008-03-24

💥Exploits & PoCs

1
Exploit-DB
Xine-Lib 1.1.11 - Multiple Heap Remote Buffer Overflow Vulnerabilities2008-03-20

📋Vendor Advisories

2
Ubuntu
xine-lib vulnerabilities2008-08-06
Red Hat
xine-lib Integer overflow flaws

💬Community

1
Bugzilla
CVE-2008-1482 xine-lib Integer overflow flaws2008-03-24
CVE-2008-1482 — Xine Xine-lib vulnerability | cvebase