CVE-2008-1482 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1482
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1482

Description: Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41350 UBUNTU http://www.ubuntu.com/usn/usn-635-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html SREASON http://securityreason.com/securityalert/3769 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.441137 SAID Secunia Advisory: SA30337 Secunia Advisory: SA29484 Secunia Advisory: SA29600 Secunia Advisory: SA31393 Secunia Advisory: SA29622 Secunia Advisory: SA31372 Secunia Advisory: SA29756 Secunia Advisory: SA29740 MISC http://aluigi.org/poc/xinehof.zip http://aluigi.altervista.org/adv/xinehof-adv.txt MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:178 GENTOO http://security.gentoo.org/glsa/glsa-200808-01.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1586 CONFIRM BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489894/100/0/threaded BID 28370

Return to the previous page.