What is the severity of CVE-2008-5235?

CVE-2008-5235 is classified as a high severity vulnerability due to the potential for remote code execution.

How do I fix CVE-2008-5235?

To fix CVE-2008-5235, upgrade xine-lib to version 1.1.15 or newer.

What is CVE-2008-5235?

CVE-2008-5235 is a heap-based buffer overflow vulnerability in xine-lib that allows remote attackers to execute arbitrary code via crafted Real Media files.

Which versions of xine are affected by CVE-2008-5235?

CVE-2008-5235 affects multiple versions of xine, including all versions prior to 1.1.15.

What should I do if I cannot upgrade xine to mitigate CVE-2008-5235?

If upgrading is not possible, consider implementing a network-based solution to block potentially harmful Real Media files.

Vulnerability/
CVE-2008-5235

critical

9.3

CWE

119

26/11/2008

7/8/2024

CVE-2008-5235: Buffer Overflow

First published: Wed Nov 26 2008(Updated: )

Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
xine	<=1.1.4
xine	=0.9.13
xine	=1-beta1
xine	=1-beta10
xine	=1-beta11
xine	=1-beta12
xine	=1-beta2
xine	=1-beta3
xine	=1-beta4
xine	=1-beta5
xine	=1-beta6
xine	=1-beta7
xine	=1-beta8
xine	=1-beta9
xine	=1-rc0a
xine	=1-rc1
xine	=1-rc2
xine	=1-rc3
xine	=1-rc3a
xine	=1-rc3b
xine	=1-rc3c
xine	=1-rc4
xine	=1-rc4a
xine	=1-rc5
xine	=1-rc6a
xine	=1-rc7
xine	=1-rc8
xine	=1.0
xine	=1.0.1
xine	=1.0.2
xine	=1.0.3a
xine	=1.1.0
xine	=1.1.1
xine	=1.1.2
xine	=1.1.3
xine	=1.1.10.1
xine	=1.1.11
xine	=1.1.11.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-5235?
CVE-2008-5235 is classified as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2008-5235?
To fix CVE-2008-5235, upgrade xine-lib to version 1.1.15 or newer.
What is CVE-2008-5235?
CVE-2008-5235 is a heap-based buffer overflow vulnerability in xine-lib that allows remote attackers to execute arbitrary code via crafted Real Media files.
Which versions of xine are affected by CVE-2008-5235?
CVE-2008-5235 affects multiple versions of xine, including all versions prior to 1.1.15.
What should I do if I cannot upgrade xine to mitigate CVE-2008-5235?
If upgrading is not possible, consider implementing a network-based solution to block potentially harmful Real Media files.

agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/weakness
agent/type
agent/event
agent/first-publish-date
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/xine
canonical/xine
version/xine/1.1.4
version/xine/0.9.13
version/xine/1-beta1
version/xine/1-beta10
version/xine/1-beta11
version/xine/1-beta12
version/xine/1-beta2
version/xine/1-beta3
version/xine/1-beta4
version/xine/1-beta5
version/xine/1-beta6
version/xine/1-beta7
version/xine/1-beta8
version/xine/1-beta9
version/xine/1-rc0a
version/xine/1-rc1
version/xine/1-rc2
version/xine/1-rc3
version/xine/1-rc3a
version/xine/1-rc3b
version/xine/1-rc3c
version/xine/1-rc4
version/xine/1-rc4a
version/xine/1-rc5
version/xine/1-rc6a
version/xine/1-rc7
version/xine/1-rc8
version/xine/1.0
version/xine/1.0.1
version/xine/1.0.2
version/xine/1.0.3a
version/xine/1.1.0
version/xine/1.1.1
version/xine/1.1.2
version/xine/1.1.3
version/xine/1.1.10.1
version/xine/1.1.11
version/xine/1.1.11.1