CVE-2008-5235 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Xine

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

9.3CRITICALNVD

EPSS

3.5%

top 12.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xine Debian VLC

Timeline

PublishedNov 26

Latest updateMay 17

Description

Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDxine/xine1.1.4+13

▶debiandebian/vlc

🔴Vulnerability Details

GHSA

GHSA-mp3h-wxw3-74mx: Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real↗2022-05-17

▶

📋Vendor Advisories

Red Hat

xine-lib: various flaws (CVE-2008-5234 CVE-2008-5235 CVE-2008-5236 CVE-2008-5237 CVE-2008-5239 CVE-2008-5240 CVE-2008-5241 CVE-2008-5242 CVE-2008-5243 CVE-2008-5244 CVE-2008-5247)↗2008-05-06

▶

Debian

CVE-2008-5235: vlc - Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers...↗2008

▶

💬Community

Bugzilla

xine-lib,gxine,oxine,xine-plugin: CVE-2008-5235 CVE-2008-5236 CVE-2008-5237 CVE-2008-5239 CVE-2008-5240 CVE-2008-5241 CVE-2008-5242 CVE-2008-5243 CVE-2008-5244 CVE-2008-5247 xine-lib various flaws↗2008-11-27

▶

Bugzilla

xine-lib: various flaws (CVE-2008-5234 CVE-2008-5235 CVE-2008-5236 CVE-2008-5237 CVE-2008-5239 CVE-2008-5240 CVE-2008-5241 CVE-2008-5242 CVE-2008-5243 CVE-2008-5244 CVE-2008-5247)↗2008-11-27

▶