CVE-2008-5248
published 2008-11-26CVE-2008-5248: xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
PriorityP415medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
1.21%
64.6th percentile
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | — | — |
| xine | xine-lib | <= 1.1.15 | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_debian4.3LOW
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
xine-lib vulnerabilities
vendor_ubuntu·2009-01-26·CVSS 4.3
CVE-2008-3231 [MEDIUM] xine-lib vulnerabilities
Title: xine-lib vulnerabilities
Summary: xine-lib vulnerabilities
It was discovered that xine-lib did not correctly handle certain malformed
Ogg and Windows Media files. If a user or automated system were tricked into
opening a specially crafted Ogg or Windows Media file, an attacker could cause
xine-lib to crash, creating a denial of service. This issue only applied to
Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-3231)
It was discovered that the MNG, MOD, and Real demuxers in xine-lib did not
correctly handle memory allocation failures. If a user or automated system were
tricked into opening a specially crafted MNG, MOD, or Real file, an attacker
could crash xine-lib or possibly execute arbitrary code with the privileges of
the user invoking the program. This issue only applied to Ub
Debian
CVE-2008-5248: vlc - xine-lib before 1.1.15 allows remote attackers to cause a denial of service (cra...
vendor_debian·2008·CVSS 4.3
CVE-2008-5248 [MEDIUM] CVE-2008-5248: vlc - xine-lib before 1.1.15 allows remote attackers to cause a denial of service (cra...
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-26v7-7j6w-h2wc: xine-lib before 1
ghsa_unreviewed·2022-05-17
CVE-2008-5248 [MEDIUM] CWE-20 GHSA-26v7-7j6w-h2wc: xine-lib before 1
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://sourceforge.net/project/shownotes.php?release_id=619869http://www.mandriva.com/security/advisories?name=MDVSA-2009:298http://www.securityfocus.com/bid/32505http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://sourceforge.net/project/shownotes.php?release_id=619869http://www.mandriva.com/security/advisories?name=MDVSA-2009:298http://www.securityfocus.com/bid/32505
2008-11-26
Published