CVE-2008-5233
published 2008-11-26CVE-2008-5233: xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in…
PriorityP426medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
3.35%
87.2th percentile
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
Affected
37 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | — | — |
| xine | xine-lib | <= 1.1.14 | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_debian4.3LOW
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-53j3-95c5-wpjm: xine-lib 1
ghsa_unreviewed·2022-05-14
CVE-2008-5233 [MEDIUM] CWE-119 GHSA-53j3-95c5-wpjm: xine-lib 1
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
Ubuntu
xine-lib vulnerabilities
vendor_ubuntu·2009-01-26·CVSS 4.3
CVE-2008-3231 [MEDIUM] xine-lib vulnerabilities
Title: xine-lib vulnerabilities
Summary: xine-lib vulnerabilities
It was discovered that xine-lib did not correctly handle certain malformed
Ogg and Windows Media files. If a user or automated system were tricked into
opening a specially crafted Ogg or Windows Media file, an attacker could cause
xine-lib to crash, creating a denial of service. This issue only applied to
Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-3231)
It was discovered that the MNG, MOD, and Real demuxers in xine-lib did not
correctly handle memory allocation failures. If a user or automated system were
tricked into opening a specially crafted MNG, MOD, or Real file, an attacker
could crash xine-lib or possibly execute arbitrary code with the privileges of
the user invoking the program. This issue only applied to Ub
Debian
CVE-2008-5233: vlc - xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of...
vendor_debian·2008·CVSS 4.3
CVE-2008-5233 [MEDIUM] CVE-2008-5233: vlc - xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of...
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://secunia.com/advisories/31827http://securityreason.com/securityalert/4648http://securitytracker.com/id?1020703http://sourceforge.net/project/shownotes.php?release_id=619869http://www.mandriva.com/security/advisories?name=MDVSA-2009:020http://www.ocert.org/analysis/2008-008/analysis.txthttp://www.osvdb.org/47747http://www.securityfocus.com/archive/1/495674/100/0/threadedhttp://www.securityfocus.com/bid/30797https://exchange.xforce.ibmcloud.com/vulnerabilities/44639https://exchange.xforce.ibmcloud.com/vulnerabilities/44648https://exchange.xforce.ibmcloud.com/vulnerabilities/44649https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://secunia.com/advisories/31827http://securityreason.com/securityalert/4648http://securitytracker.com/id?1020703http://sourceforge.net/project/shownotes.php?release_id=619869http://www.mandriva.com/security/advisories?name=MDVSA-2009:020http://www.ocert.org/analysis/2008-008/analysis.txthttp://www.osvdb.org/47747http://www.securityfocus.com/archive/1/495674/100/0/threadedhttp://www.securityfocus.com/bid/30797https://exchange.xforce.ibmcloud.com/vulnerabilities/44639https://exchange.xforce.ibmcloud.com/vulnerabilities/44648https://exchange.xforce.ibmcloud.com/vulnerabilities/44649https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html
2008-11-26
Published