CVE-2008-5233Improper Restriction of Operations within the Bounds of a Memory Buffer in Xine-lib

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
1.4%
top 19.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Xine Xine-lib
Timeline
PublishedNov 26
Latest updateMay 14

Description

xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDxine/xine-lib1.1.14+35

🔴Vulnerability Details

2
GHSA
GHSA-53j3-95c5-wpjm: xine-lib 12022-05-14
CVEList
CVE-2008-5233: xine-lib 12008-11-26

📋Vendor Advisories

2
Ubuntu
xine-lib vulnerabilities2009-01-26
Debian
CVE-2008-5233: vlc - xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of...2008
CVE-2008-5233 — Xine Xine-lib vulnerability | cvebase