cbcvebase.
CVE-2008-5246
published 2008-11-26

CVE-2008-5246: Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1)…

PriorityP341critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
5.69%
92.0th percentile
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected

37 ranges· showing 25
VendorProductVersion rangeFixed in
debianvlc
xinexine-lib<= 1.1.14
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_debian9.3LOW
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.