FKIE_CVE-2008-5237

Vulnerability from fkie_nvd - Published: 2008-11-26 01:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
cve@mitre.orghttp://secunia.com/advisories/31827
cve@mitre.orghttp://secunia.com/advisories/33544
cve@mitre.orghttp://securityreason.com/securityalert/4648
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:020
cve@mitre.orghttp://www.ocert.org/analysis/2008-008/analysis.txt
cve@mitre.orghttp://www.securityfocus.com/archive/1/495674/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/30797
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/44652
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31827
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33544
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/4648
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:020
af854a3a-2127-422b-91ae-364da2661108http://www.ocert.org/analysis/2008-008/analysis.txt
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/495674/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/30797
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/44652
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html
Impacted products
Vendor Product Version
xine xine *
xine xine 0.9.13
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1
xine xine 1.0
xine xine 1.0.1
xine xine 1.0.2
xine xine 1.0.3a
xine xine 1.1.0
xine xine 1.1.1
xine xine 1.1.2
xine xine 1.1.3
xine xine 1.1.4
xine xine 1.1.10.1
xine xine 1.1.11
xine xine 1.1.11.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xine:xine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52E2289A-767D-445B-8AF5-4201E3806F78",
              "versionEndIncluding": "1.1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A119AB14-EDB5-4C79-9058-60E610636728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "44C4B2D6-DBAE-46CF-BE49-FC221B340726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta11:*:*:*:*:*:*",
              "matchCriteriaId": "197D04B5-8053-484F-A070-894BC9611C43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta12:*:*:*:*:*:*",
              "matchCriteriaId": "B2B22E87-6736-4C5B-A1A6-A3EA0064C10D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "4F2CD2BA-DFFD-4A9C-8B09-4793BB723717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "B993E680-B4FE-4DE5-800C-1E6B7C44849A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7100421-9BF9-4A07-AD54-C3D9CDCFBF90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "D6BE4F65-E942-4259-94E3-95E7F95B2E9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "4DCD596C-B080-4A98-BF14-57DDC370CCEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "4272CD6A-E384-4035-A09A-C63927191CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "1D5828FA-6320-4983-AA70-ADFE9B475EAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "6E12B75F-1820-42F9-8B7C-3024D5C37B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc0a:*:*:*:*:*:*",
              "matchCriteriaId": "31B68858-0176-4CB0-B015-256EC1796D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "41844D73-EE25-4835-A9C5-08AADDA2CE62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "52EFFE9E-6A25-4A27-B483-96AA4A7C7660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FCB9BA4F-0814-45C4-93C8-04DBFF8FC8D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc3a:*:*:*:*:*:*",
              "matchCriteriaId": "8D49B22F-8C56-4842-8DE7-36011523E150",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc3b:*:*:*:*:*:*",
              "matchCriteriaId": "4B643DB4-63D2-4BA1-89B4-2EF813771718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc3c:*:*:*:*:*:*",
              "matchCriteriaId": "C4FC619B-E611-4996-A12B-37830FD5B91B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "61D3DB46-02A6-4D63-B052-2458FB181DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc4a:*:*:*:*:*:*",
              "matchCriteriaId": "5083B06C-C9B2-4011-B8B0-23FECE2DD100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A03425FA-BB45-4FF4-B551-2A63129BDFC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc6a:*:*:*:*:*:*",
              "matchCriteriaId": "A9B68EA2-EBCA-4272-B43E-9C2916447869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "C609073D-30DF-42BF-B515-773205601FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "DD535324-2B5B-4535-A33B-29487F8FA4CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "234EF75C-C5AA-4FAA-85C7-77EFBB35AF61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB02215-E511-4974-8AE3-834CAE630D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "449D32E9-C204-4429-8DE5-9677BEC1DEFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.0.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC157F9-D90C-4457-A17B-A4DB52E92855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "856C23D9-14FC-4264-B85B-1E0D67FA73B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89C1C896-C115-451D-840A-2DE3430B6D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "464603A5-ECBE-486A-BFC9-921D0B4D39D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E0A1D4E-A0C5-4063-A354-1D8782A89A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2A24E4-CB4A-4D71-804F-63DA24563D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FB6DB2-E29D-48E2-A092-B9D99230C383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "06E97F97-F3E4-48F8-BC24-E88AF98B93A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine:1.1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCA9DB3-5F48-4078-84D2-CC65E04058F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de entero en xine-lib 1.1.12, y otros 1.1.15 y versiones anteriores, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) valores de altura y anchura manipulados que no se validan por al funci\u00f3n mymng_process_header en demux_mng.c antes de usarse en un c\u00e1lculo de asignaci\u00f3n o (2)valores current_atom_size y string_size manipulados procesados por la funci\u00f3n arse_reference_atom en demux_qt.c."
    }
  ],
  "id": "CVE-2008-5237",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-11-26T01:30:00.547",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31827"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33544"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4648"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30797"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44652"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.