CVE-2008-5241 — Integer Underflow (Wrap or Wraparound) in Xine-lib

CWE-1897 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.3%

top 19.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xine Xine-lib

Timeline

PublishedNov 26

Latest updateMay 14

Description

Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDxine/xine-lib1.1.15+36

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-f4h9-7637-5hqr: Integer underflow in demux_qt↗2022-05-14

▶

CVEList

CVE-2008-5241: Integer underflow in demux_qt↗2008-11-26

▶

📋Vendor Advisories

Ubuntu

xine-lib vulnerabilities↗2009-01-26

▶

Red Hat

xine-lib: various flaws (CVE-2008-5234 CVE-2008-5235 CVE-2008-5236 CVE-2008-5237 CVE-2008-5239 CVE-2008-5240 CVE-2008-5241 CVE-2008-5242 CVE-2008-5243 CVE-2008-5244 CVE-2008-5247)↗2008-05-06

▶

💬Community

Bugzilla

xine-lib,gxine,oxine,xine-plugin: CVE-2008-5235 CVE-2008-5236 CVE-2008-5237 CVE-2008-5239 CVE-2008-5240 CVE-2008-5241 CVE-2008-5242 CVE-2008-5243 CVE-2008-5244 CVE-2008-5247 xine-lib various flaws↗2008-11-27

▶

Bugzilla

xine-lib: various flaws (CVE-2008-5234 CVE-2008-5235 CVE-2008-5236 CVE-2008-5237 CVE-2008-5239 CVE-2008-5240 CVE-2008-5241 CVE-2008-5242 CVE-2008-5243 CVE-2008-5244 CVE-2008-5247)↗2008-11-27

▶