cbcvebase.
CVE-2008-5233
published 2008-11-26

CVE-2008-5233: xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in…

PriorityP426medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
3.35%
87.2th percentile
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.

Affected

37 ranges· showing 25
VendorProductVersion rangeFixed in
debianvlc
xinexine-lib<= 1.1.14
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_debian4.3LOW
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.