CVE-2008-5237: Integer Overflow

First published: Wed Nov 26 2008(Updated: )

Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
xine xine	=1-beta3
xine xine	=1-rc0a
xine xine	=1-beta6
xine xine	=1.1.10.1
xine xine	=1.0.1
xine xine	=1-rc1
xine xine	=1-rc6a
xine xine	=1-beta4
xine xine	=1-rc8
xine xine	=1.1.0
xine xine	=1-rc5
xine xine	=1.1.1
xine xine	=1-beta7
xine xine	=1.0.3a
xine xine	=1.1.3
xine xine	=1.0.2
xine xine	=1-beta10
xine xine	=1-beta1
xine xine	=1-rc3a
xine xine	=1.0
xine xine	=1-beta8
xine xine	=1.1.11.1
xine xine	<=1.1.5
xine xine	=0.9.13
xine xine	=1-beta2
xine xine	=1-beta9
xine xine	=1-rc7
xine xine	=1-rc4
xine xine	=1.1.11
xine xine	=1-rc3c
xine xine	=1.1.2
xine xine	=1-rc2
xine xine	=1-rc4a
xine xine	=1-rc3
xine xine	=1.1.4
xine xine	=1-beta5
xine xine	=1-beta11
xine xine	=1-beta12
xine xine	=1-rc3b

CVE-2008-5237: Integer Overflow

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact