CVE-2009-1274: Improper Restriction of Operations within the Bounds of a Memory Buffer in Xine-lib

Severity: 5.0 MEDIUM (NVD)
EPSS: 4.8% (top 10.47%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 8
Latest update: May 2

Description

Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: xine/xine-lib, 12 versions (+11)

Vulnerability Details (2)

GHSA: GHSA-7qxw-w45x-p9g9: Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt (2022-05-02)
CVEList: CVE-2009-1274: Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt (2009-04-08)

Vendor Advisories (3)

Ubuntu: xine-lib vulnerabilities (2009-04-20)
Debian: CVE-2009-1274: vlc - Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c... (2009)
Red Hat: xine-lib: Quicktime STTS Atom Integer Overflow (TKADV2009-005)

Community (1)

Bugzilla: CVE-2009-1274 xine-lib: Quicktime STTS Atom Integer Overflow (TKADV2009-005) (2009-04-09)
CVE-2009-1274 — Xine Xine-lib vulnerability | cvebase