QwikSec

Security Database

CVE

CWE

Training

CVE-2008-5236

Published: Nov 26, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

xinelib-openrafile-bo(44642)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

http://sourceforge.net/project/shownotes.php?release_id=619869

x_refsource_MISC

http://www.ocert.org/analysis/2008-008/analysis.txt

x_refsource_MISC

xinelib-parseblockgroup-bo(44634)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SREASON

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

FEDORA-2008-7572

vendor-advisory

x_refsource_FEDORA

SUSE-SR:2009:004

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

20080822 [oCERT-2008-008] multiple heap overflows in xine-lib

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_MANDRIVA

FEDORA-2009-0542

vendor-advisory

x_refsource_FEDORA

FEDORA-2008-7512

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.