CVE-2008-5246
published 2008-11-26CVE-2008-5246: Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1)…
PriorityP341critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
5.69%
92.0th percentile
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
37 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | — | — |
| xine | xine-lib | <= 1.1.14 | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_debian9.3LOW
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-ghfj-4g4r-f7ww: Multiple heap-based buffer overflows in xine-lib before 1
ghsa_unreviewed·2022-05-17
CVE-2008-5246 [HIGH] CWE-119 GHSA-ghfj-4g4r-f7ww: Multiple heap-based buffer overflows in xine-lib before 1
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Ubuntu
xine-lib vulnerabilities
vendor_ubuntu·2009-01-26·CVSS 4.3
CVE-2008-3231 [MEDIUM] xine-lib vulnerabilities
Title: xine-lib vulnerabilities
Summary: xine-lib vulnerabilities
It was discovered that xine-lib did not correctly handle certain malformed
Ogg and Windows Media files. If a user or automated system were tricked into
opening a specially crafted Ogg or Windows Media file, an attacker could cause
xine-lib to crash, creating a denial of service. This issue only applied to
Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-3231)
It was discovered that the MNG, MOD, and Real demuxers in xine-lib did not
correctly handle memory allocation failures. If a user or automated system were
tricked into opening a specially crafted MNG, MOD, or Real file, an attacker
could crash xine-lib or possibly execute arbitrary code with the privileges of
the user invoking the program. This issue only applied to Ub
Debian
CVE-2008-5246: vlc - Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote atta...
vendor_debian·2008·CVSS 9.3
CVE-2008-5246 [CRITICAL] CVE-2008-5246: vlc - Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote atta...
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://osvdb.org/47677http://securitytracker.com/id?1020703http://sourceforge.net/project/shownotes.php?release_id=619869http://www.mandriva.com/security/advisories?name=MDVSA-2009:020http://www.securityfocus.com/bid/30698http://www.vupen.com/english/advisories/2008/2382https://exchange.xforce.ibmcloud.com/vulnerabilities/44468http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://osvdb.org/47677http://securitytracker.com/id?1020703http://sourceforge.net/project/shownotes.php?release_id=619869http://www.mandriva.com/security/advisories?name=MDVSA-2009:020http://www.securityfocus.com/bid/30698http://www.vupen.com/english/advisories/2008/2382https://exchange.xforce.ibmcloud.com/vulnerabilities/44468
2008-11-26
Published