exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2008-5240

Status Candidate

Overview

xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value.

Related Files

Gentoo Linux Security Advisory 201006-4
Posted Jun 2, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201006-4 - Multiple vulnerabilities in xine-lib might result in the remote execution of arbitrary code. Multiple vulnerabilities have been reported in xine-lib. Versions less than 1.1.16.3 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-3231, CVE-2008-5233, CVE-2008-5234, CVE-2008-5235, CVE-2008-5236, CVE-2008-5237, CVE-2008-5238, CVE-2008-5239, CVE-2008-5240, CVE-2008-5241, CVE-2008-5242, CVE-2008-5243, CVE-2008-5244, CVE-2008-5245, CVE-2008-5246, CVE-2008-5247, CVE-2008-5248, CVE-2009-0698
SHA-256 | 3d573a1bf8635f59a558d880f1824403c79842bfc90c6d34a2e2239ac6a931c0
Mandriva Linux Security Advisory 2009-319
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-319 - Failure on Ogg files manipulation can lead remote attackers to cause a denial of service by using crafted files. Failure on manipulation of either MNG or Real or MOD files can lead remote attackers to cause a denial of service by using crafted files. Heap-based overflow allows remote attackers to execute arbitrary code by using Quicktime media files holding crafted metadata. Heap-based overflow allows remote attackers to execute arbitrary code by using either crafted Matroska or Real media files. Failure on manipulation of either MNG or Quicktime files can lead remote attackers to cause a denial of service by using crafted files. Multiple heap-based overflow on input plugins (http, net, smb, dvd, dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to execute arbitrary code by handling that input channels. Various other issues have also been addressed. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes these issues.

tags | advisory, remote, web, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-3231, CVE-2008-5233, CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240, CVE-2008-5241, CVE-2008-5243, CVE-2008-5245, CVE-2008-5246, CVE-2009-0698, CVE-2009-1274
SHA-256 | 3bf2a8635466988153d8e0e8ed108b20e7b74db866a856fe2b1fa702ad27df2c
Ubuntu Security Notice 710-1
Posted Jan 26, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-710-1 - A large amount of xine-lib vulnerabilities have been addressed in a package update. The issues addressed range from denial of service to arbitrary code execution vulnerabilities.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2008-3231, CVE-2008-5233, CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5238, CVE-2008-5239, CVE-2008-5240, CVE-2008-5241, CVE-2008-5242, CVE-2008-5243, CVE-2008-5244, CVE-2008-5246, CVE-2008-5248
SHA-256 | 7a57d4c1776774d0d20e16a7e70f2bd1e115b441a773f80d44141450b4576de4
Mandriva Linux Security Advisory 2009-020
Posted Jan 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-020 - Multiple vulnerabilities ranging from denial of service to heap-based overflows have been addressed in xine-lib.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3231, CVE-2008-5233, CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240, CVE-2008-5241, CVE-2008-5243, CVE-2008-5245, CVE-2008-5246
SHA-256 | 43ff4edc9f7da1c5c221e903dd7cc66b3c77e38c4641a9183d19d2b33c53ea40
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close