CVE-2009-0698: Xine-lib vulnerability

6 documents, 5 sources
Severity: 7.5 HIGH (NVD)
CNA: 9.3
EPSS: 2.4% (top 14.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 23
Latest update: May 2

Description

Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: xine/xine-lib 1.1.16.1

🔴 Vulnerability Details (2)

GHSA: GHSA-jhxf-rmj6-ghq6: Integer overflow in the 4xm demuxer (demuxers/demux_4xm... (2022-05-02)
CVEList: CVE-2009-0698: Integer overflow in the 4xm demuxer (demuxers/demux_4xm... (2009-02-23)

📋 Vendor Advisories (3)

Ubuntu: xine-lib vulnerabilities (2009-04-20)
Ubuntu: xine-lib vulnerability (2009-03-26)
Debian: CVE-2009-0698: vlc - Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 ... (2009)
CVE-2009-0698 — Xine Xine-lib vulnerability | cvebase