What is the severity of CVE-2008-5241?

CVE-2008-5241 is classified as a high severity vulnerability due to its potential to cause denial of service.

How do I fix CVE-2008-5241?

To fix CVE-2008-5241, upgrade xine-lib to version 1.1.15 or later, which resolves the integer underflow issue.

What versions are affected by CVE-2008-5241?

CVE-2008-5241 affects xine-lib versions 1.1.10 through 1.1.15 and earlier, including version 1.1.12.

What type of attack can exploit CVE-2008-5241?

CVE-2008-5241 can be exploited by remote attackers through specially crafted media files targeting xine-lib.

Is there a workaround for CVE-2008-5241?

There are no known effective workarounds for CVE-2008-5241 other than upgrading the affected software.

Vulnerability/
CVE-2008-5241

medium

4.3

CWE

189

26/11/2008

7/8/2024

CVE-2008-5241

First published: Wed Nov 26 2008(Updated: )

Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
xine	=1.1.10
xine	=1-rc3a
xine	=1.1.10.1
xine	=1.1.9.1
xine	=1_beta7
xine	=1.1.11
xine	=1-rc3
xine	=1_beta9
xine	=1.1.0
xine	=1.1.7
xine	=1-rc3b
xine	=1-rc5
xine	=1.1.2
xine	=1_beta4
xine	<=1.1.15
xine	=1.1.9
xine	=1.0.3a
xine	=1-rc4a
xine	=1.1.12
xine	=1.0.1
xine	=1-rc8
xine	=1.1.13
xine	=1.1.11.1
xine	=1-rc2
xine	=1.0.2
xine	=1.1.8
xine	=1_beta2
xine	=1-rc7
xine	=1_beta5
xine	=1_beta11
xine	=1-rc1
xine	=1.1.3
xine	=1.1.4
xine	=1.1.5
xine	=0.9.13
xine	=1.0
xine	=1-rc3c
xine	=1_beta6
xine	=1.1.14
xine	=1-rc4
xine	=1_beta1
xine	=1.1.6
xine	=1_beta12
xine	=1.1.1
xine	=1_beta10
xine	=1_beta8
xine	=1-rc0a
xine	=1-rc6a
xine	=1_beta3

Remedy

http://www.securityfocus.com/bid/30797

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-5241?
CVE-2008-5241 is classified as a high severity vulnerability due to its potential to cause denial of service.
How do I fix CVE-2008-5241?
To fix CVE-2008-5241, upgrade xine-lib to version 1.1.15 or later, which resolves the integer underflow issue.
What versions are affected by CVE-2008-5241?
CVE-2008-5241 affects xine-lib versions 1.1.10 through 1.1.15 and earlier, including version 1.1.12.
What type of attack can exploit CVE-2008-5241?
CVE-2008-5241 can be exploited by remote attackers through specially crafted media files targeting xine-lib.
Is there a workaround for CVE-2008-5241?
There are no known effective workarounds for CVE-2008-5241 other than upgrading the affected software.

agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/remedy
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/xine
canonical/xine
version/xine/1.1.10
version/xine/1-rc3a
version/xine/1.1.10.1
version/xine/1.1.9.1
version/xine/1_beta7
version/xine/1.1.11
version/xine/1-rc3
version/xine/1_beta9
version/xine/1.1.0
version/xine/1.1.7
version/xine/1-rc3b
version/xine/1-rc5
version/xine/1.1.2
version/xine/1_beta4
version/xine/1.1.15
version/xine/1.1.9
version/xine/1.0.3a
version/xine/1-rc4a
version/xine/1.1.12
version/xine/1.0.1
version/xine/1-rc8
version/xine/1.1.13
version/xine/1.1.11.1
version/xine/1-rc2
version/xine/1.0.2
version/xine/1.1.8
version/xine/1_beta2
version/xine/1-rc7
version/xine/1_beta5
version/xine/1_beta11
version/xine/1-rc1
version/xine/1.1.3
version/xine/1.1.4
version/xine/1.1.5
version/xine/0.9.13
version/xine/1.0
version/xine/1-rc3c
version/xine/1_beta6
version/xine/1.1.14
version/xine/1-rc4
version/xine/1_beta1
version/xine/1.1.6
version/xine/1_beta12
version/xine/1.1.1
version/xine/1_beta10
version/xine/1_beta8
version/xine/1-rc0a
version/xine/1-rc6a
version/xine/1_beta3