CVE-2009-0698
Published: 2009-02-23
Priority: P4 31 | high 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.63% (88.1th percentile)
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | — | — |
| xine | xine-lib | — | — |
CVSS provenance
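| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_debian | | 9.3 | LOW | |
| vendor_ubuntu | | 7.5 | HIGH | |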
Ubuntu
xine-lib vulnerabilities
vendor_ubuntu·2009-04-20·CVSS 7.5
CVE-2009-1274 [HIGH] xine-lib vulnerabilities
It was discovered that the QT demuxer in xine-lib did not correctly handle
a large count value in an STTS atom, resulting in a heap-based buffer
overflow. If a user or automated system were tricked into opening a
specially crafted MOV file, an attacker could execute arbitrary code as the
user invoking the program. (CVE-2009-1274)
USN-746-1 provided updated xine-lib packages to fix multiple security
vulnerabilities. The security patch to fix CVE-2009-0698 was incomplete.
This update corrects the problem.
Original advisory details:
It was discovered that the 4xm demuxer in xine-lib did not correctly
handle a large current_track value in a 4xm file, resulting in an integer
overflow. If a user or automated system were tricke
Ubuntu
xine-lib vulnerability
vendor_ubuntu·2009-03-26·CVSS 4.3
CVE-2009-0698 [MEDIUM] xine-lib vulnerability
It was discovered that the 4xm demuxer in xine-lib did not correctly handle
a large current_track value in a 4xm file, resulting in an integer
overflow. If a user or automated system were tricked into opening a
specially crafted 4xm movie file, an attacker could crash xine-lib or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-0698)
USN-710-1 provided updated xine-lib packages to fix multiple security
vulnerabilities. The security patch to fix CVE-2008-5239 introduced a
regression causing some media files to be unplayable. This update corrects
the problem. We apologize for the inconvenience.
Original advisory details:
It was discovered that the input handlers in xine-lib did no
Debian
CVE-2009-0698: vlc - Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 ...
vendor_debian·2009·CVSS 9.3
CVE-2009-0698 [CRITICAL] CVE-2009-0698: vlc - Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 ...
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-jhxf-rmj6-ghq6: Integer overflow in the 4xm demuxer (demuxers/demux_4xm
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-0698 [CRITICAL] GHSA-jhxf-rmj6-ghq6: Integer overflow in the 4xm demuxer (demuxers/demux_4xm
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.xine-project.org/show_bug.cgi?id=205
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://sourceforge.net/project/shownotes.php?release_id=660071
http://www.mandriva.com/security/advisories?name=MDVSA-2009:298
http://www.mandriva.com/security/advisories?name=MDVSA-2009:299
http://www.securityfocus.com/archive/1/500514/100/0/threaded
http://www.trapkit.de/advisories/TKADV2009-004.txt
http://www.ubuntu.com/usn/USN-746-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/48954