CVE-2008-3231
published 2008-07-18CVE-2008-3231: xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
PriorityP414medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
1.92%
77.4th percentile
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xine | xine-lib | <= 1.1.14 | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_redhat4.3MEDIUM
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
xine-lib vulnerabilities
vendor_ubuntu·2009-01-26·CVSS 4.3
CVE-2008-3231 [MEDIUM] xine-lib vulnerabilities
Title: xine-lib vulnerabilities
Summary: xine-lib vulnerabilities
It was discovered that xine-lib did not correctly handle certain malformed
Ogg and Windows Media files. If a user or automated system were tricked into
opening a specially crafted Ogg or Windows Media file, an attacker could cause
xine-lib to crash, creating a denial of service. This issue only applied to
Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-3231)
It was discovered that the MNG, MOD, and Real demuxers in xine-lib did not
correctly handle memory allocation failures. If a user or automated system were
tricked into opening a specially crafted MNG, MOD, or Real file, an attacker
could crash xine-lib or possibly execute arbitrary code with the privileges of
the user invoking the program. This issue only applied to Ub
Red Hat
xine-lib: crash on zzuf test case lol-ffplay.ogg
vendor_redhat·CVSS 4.3
CVE-2008-3231 [MEDIUM] xine-lib: crash on zzuf test case lol-ffplay.ogg
xine-lib: crash on zzuf test case lol-ffplay.ogg
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
GHSA
GHSA-h8cc-x256-xmjw: xine-lib before 1
ghsa_unreviewed·2022-05-01
CVE-2008-3231 [MEDIUM] CWE-20 GHSA-h8cc-x256-xmjw: xine-lib before 1
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://secunia.com/advisories/31827http://sourceforge.net/project/shownotes.php?release_id=619869http://www.mandriva.com/security/advisories?name=MDVSA-2009:020http://www.openwall.com/lists/oss-security/2008/07/13/3http://www.securityfocus.com/bid/30699http://www.securitytracker.com/id?1020703http://www.vupen.com/english/advisories/2008/2382https://exchange.xforce.ibmcloud.com/vulnerabilities/44040https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://secunia.com/advisories/31827http://sourceforge.net/project/shownotes.php?release_id=619869http://www.mandriva.com/security/advisories?name=MDVSA-2009:020http://www.openwall.com/lists/oss-security/2008/07/13/3http://www.securityfocus.com/bid/30699http://www.securitytracker.com/id?1020703http://www.vupen.com/english/advisories/2008/2382https://exchange.xforce.ibmcloud.com/vulnerabilities/44040https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html
2008-07-18
Published