What is the severity of CVE-2008-5246?

CVE-2008-5246 has a high severity rating due to its potential to allow remote code execution.

How do I fix CVE-2008-5246?

To fix CVE-2008-5246, update xine-lib to version 1.1.15 or later.

What versions of xine-lib are affected by CVE-2008-5246?

CVE-2008-5246 affects xine-lib versions prior to 1.1.15, including versions 1.1.10 and earlier.

What can attackers achieve through CVE-2008-5246?

Attackers can execute arbitrary code on the affected system through specially crafted ID3 data.

Are there any exploits available for CVE-2008-5246?

Yes, there are known exploits that leverage the buffer overflow vulnerabilities in CVE-2008-5246.

Vulnerability/
CVE-2008-5246

critical

9.3

CWE

119

26/11/2008

7/8/2024

CVE-2008-5246: Buffer Overflow

First published: Wed Nov 26 2008(Updated: )

Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
xine	<=1.1.14
xine	=0.9.13
xine	=1-rc0a
xine	=1-rc1
xine	=1-rc2
xine	=1-rc3
xine	=1-rc3a
xine	=1-rc3b
xine	=1-rc3c
xine	=1-rc4
xine	=1-rc4a
xine	=1-rc5
xine	=1-rc6a
xine	=1-rc7
xine	=1-rc8
xine	=1.0
xine	=1.0.1
xine	=1.0.2
xine	=1.0.3a
xine	=1.1.0
xine	=1.1.1
xine	=1.1.2
xine	=1.1.3
xine	=1.1.4
xine	=1.1.5
xine	=1.1.6
xine	=1.1.7
xine	=1.1.8
xine	=1.1.9
xine	=1.1.9.1
xine	=1.1.10
xine	=1.1.10.1
xine	=1.1.11
xine	=1.1.11.1
xine	=1.1.12
xine	=1.1.13
xine	=1_beta1
xine	=1_beta2
xine	=1_beta3
xine	=1_beta4
xine	=1_beta5
xine	=1_beta6
xine	=1_beta7
xine	=1_beta8
xine	=1_beta9
xine	=1_beta10
xine	=1_beta11
xine	=1_beta12

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-5246?
CVE-2008-5246 has a high severity rating due to its potential to allow remote code execution.
How do I fix CVE-2008-5246?
To fix CVE-2008-5246, update xine-lib to version 1.1.15 or later.
What versions of xine-lib are affected by CVE-2008-5246?
CVE-2008-5246 affects xine-lib versions prior to 1.1.15, including versions 1.1.10 and earlier.
What can attackers achieve through CVE-2008-5246?
Attackers can execute arbitrary code on the affected system through specially crafted ID3 data.
Are there any exploits available for CVE-2008-5246?
Yes, there are known exploits that leverage the buffer overflow vulnerabilities in CVE-2008-5246.

agent/type
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/author
agent/event
agent/first-publish-date
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
agent/weakness
agent/softwarecombine
vendor/xine
canonical/xine
version/xine/1.1.14
version/xine/0.9.13
version/xine/1-rc0a
version/xine/1-rc1
version/xine/1-rc2
version/xine/1-rc3
version/xine/1-rc3a
version/xine/1-rc3b
version/xine/1-rc3c
version/xine/1-rc4
version/xine/1-rc4a
version/xine/1-rc5
version/xine/1-rc6a
version/xine/1-rc7
version/xine/1-rc8
version/xine/1.0
version/xine/1.0.1
version/xine/1.0.2
version/xine/1.0.3a
version/xine/1.1.0
version/xine/1.1.1
version/xine/1.1.2
version/xine/1.1.3
version/xine/1.1.4
version/xine/1.1.5
version/xine/1.1.6
version/xine/1.1.7
version/xine/1.1.8
version/xine/1.1.9
version/xine/1.1.9.1
version/xine/1.1.10
version/xine/1.1.10.1
version/xine/1.1.11
version/xine/1.1.11.1
version/xine/1.1.12
version/xine/1.1.13
version/xine/1_beta1
version/xine/1_beta2
version/xine/1_beta3
version/xine/1_beta4
version/xine/1_beta5
version/xine/1_beta6
version/xine/1_beta7
version/xine/1_beta8
version/xine/1_beta9
version/xine/1_beta10
version/xine/1_beta11
version/xine/1_beta12