Executive Summary

Information
Name : CVE-2008-0486
First vendor Publication : 2008-02-05
Vendor : Cve
Last vendor Modification : 2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5 - Attack Range : Network
Cvss Impact Score : 6.4 - Attack Complexity : Low
Cvss Exploit Score : 10 - Authentication : None Required

Security Protection

Impacts : Provides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486

CWE : Common Weakness Enumeration

id | Name
CWE-189 | Numeric Errors

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 1
Application | | 1

OpenVAS Exploits

Date | Description
2009-04-09 | Name : Mandriva Update for mplayer MDVSA-2008:045 (mplayer)
           | File : nvt/gb_mandriva_MDVSA_2008_045.nasl
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:046 (xine-lib)
           | File : nvt/gb_mandriva_MDVSA_2008_046.nasl
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:046-1 (xine-lib)
           | File : nvt/gb_mandriva_MDVSA_2008_046_1.nasl
2009-03-23 | Name : Ubuntu Update for xine-lib vulnerabilities USN-635-1
           | File : nvt/gb_ubuntu_USN_635_1.nasl
2009-02-16 | Name : Fedora Update for xine-lib FEDORA-2008-1543
           | File : nvt/gb_fedora_2008_1543_xine-lib_fc8.nasl
2009-02-16 | Name : Fedora Update for xine-lib FEDORA-2008-1581
           | File : nvt/gb_fedora_2008_1581_xine-lib_fc7.nasl
2008-09-24 | Name : Gentoo Security Advisory GLSA 200802-12 (xine-lib)
           | File : nvt/glsa_200802_12.nasl
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-16 (mplayer)
           | File : nvt/glsa_200803_16.nasl
2008-09-04 | Name : mplayer -- multiple vulnerabilities
           | File : nvt/freebsd_mplayer8.nasl
2008-09-04 | Name : FreeBSD Ports: libxine
           | File : nvt/freebsd_libxine8.nasl
2008-04-07 | Name : Debian Security Advisory DSA 1536-1 (xine-lib)
           | File : nvt/deb_1536_1.nasl
2008-02-15 | Name : Debian Security Advisory DSA 1496-1 (mplayer)
           | File : nvt/deb_1496_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
42197MPlayer libmpdemux/demux_audio.c FLAC Tag Processing Memory Corruption

Nessus® Vulnerability Scanner

Date | Description
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates.
           | File : mandriva_MDVSA-2008-045.nasl - Type : ACT_GATHER_INFO
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates.
           | File : mandriva_MDVSA-2008-046.nasl - Type : ACT_GATHER_INFO
2008-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches.
           | File : ubuntu_USN-635-1.nasl - Type : ACT_GATHER_INFO
2008-04-01 | Name : The remote Debian host is missing a security-related update.
           | File : debian_DSA-1536.nasl - Type : ACT_GATHER_INFO
2008-03-13 | Name : The remote SuSE system is missing the security patch xine-devel-5078
           | File : suse_xine-devel-5078.nasl - Type : ACT_GATHER_INFO
2008-03-13 | Name : The remote SuSE 10 host is missing a security-related patch.
           | File : suse_xine-devel-5080.nasl - Type : ACT_GATHER_INFO
2008-03-13 | Name : The remote Gentoo host is missing one or more security-related patches.
           | File : gentoo_GLSA-200803-16.nasl - Type : ACT_GATHER_INFO
2008-03-07 | Name : The remote FreeBSD host is missing one or more security-related updates.
           | File : freebsd_pkg_de4d4110ebce11dcae140016179b2dd5.nasl - Type : ACT_GATHER_INFO
2008-02-28 | Name : The remote FreeBSD host is missing a security-related update.
           | File : freebsd_pkg_e8a6a16de49811dcbb89000bcdc1757a.nasl - Type : ACT_GATHER_INFO
2008-02-27 | Name : The remote Gentoo host is missing one or more security-related patches.
           | File : gentoo_GLSA-200802-12.nasl - Type : ACT_GATHER_INFO
2008-02-14 | Name : The remote Debian host is missing a security-related update.
           | File : debian_DSA-1496.nasl - Type : ACT_GATHER_INFO
2008-02-14 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2008-1543.nasl - Type : ACT_GATHER_INFO
2008-02-14 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2008-1581.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source | Url
BID | http://www.securityfocus.com/bid/27441
BUGTRAQ | http://www.securityfocus.com/archive/1/archive/1/487501/100/0/threaded
CONFIRM | http://bugs.gentoo.org/show_bug.cgi?id=209106
CONFIRM | http://bugs.xine-project.org/show_bug.cgi?id=38
CONFIRM | http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735
CONFIRM | http://www.mplayerhq.hu/design7/news.html
CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=431541
DEBIAN | http://www.debian.org/security/2008/dsa-1496
DEBIAN | http://www.debian.org/security/2008/dsa-1536
FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0039...
FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0044...
FULLDISC | http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html
GENTOO | http://security.gentoo.org/glsa/glsa-200802-12.xml
GENTOO | http://security.gentoo.org/glsa/glsa-200803-16.xml
MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2008:045
MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2008:046
MISC | http://www.coresecurity.com/?action=item&id=2103
SECUNIA | http://secunia.com/advisories/28779
SECUNIA | http://secunia.com/advisories/28801
SECUNIA | http://secunia.com/advisories/28918
SECUNIA | http://secunia.com/advisories/28955
SECUNIA | http://secunia.com/advisories/28956
SECUNIA | http://secunia.com/advisories/28989
SECUNIA | http://secunia.com/advisories/29141
SECUNIA | http://secunia.com/advisories/29307
SECUNIA | http://secunia.com/advisories/29323
SECUNIA | http://secunia.com/advisories/29601
SECUNIA | http://secunia.com/advisories/31393
SREASON | http://securityreason.com/securityalert/3608
SUSE | http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
UBUNTU | http://www.ubuntu.com/usn/usn-635-1
VUPEN | http://www.vupen.com/english/advisories/2008/0406/references
VUPEN | http://www.vupen.com/english/advisories/2008/0421

Alert History

Date | Information
2014-02-17 10:43:35
  • Multiple Updates
2013-05-11 00:08:12
  • Multiple Updates