CVE-2008-0486

Executive Summary

Informations
Name	CVE-2008-0486	First vendor Publication	2008-02-05
Vendor	Cve	Last vendor Modification	2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

Impacts

Provides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486

CWE : Common Weakness Enumeration

id	Name
CWE-189	Numeric Errors

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mplayer Mplayer cpe:/a:mplayer:mplayer:1.02rc2	1
Application	Xine Xine-Lib cpe:/a:xine:xine-lib:1.1.10	1

Open Source Vulnerability Database (OSVDB)

id	Description
42197	MPlayer libmpdemux/demux_audio.c FLAC Tag Processing Memory Corruption

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/27441
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/487501/100/0/threaded
CONFIRM	http://bugs.gentoo.org/show_bug.cgi?id=209106 http://bugs.xine-project.org/show_bug.cgi?id=38 http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735 http://www.mplayerhq.hu/design7/news.html https://bugzilla.redhat.com/show_bug.cgi?id=431541
DEBIAN	http://www.debian.org/security/2008/dsa-1496 http://www.debian.org/security/2008/dsa-1536
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0039... https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0044...
FULLDISC	http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html
GENTOO	http://security.gentoo.org/glsa/glsa-200802-12.xml http://security.gentoo.org/glsa/glsa-200803-16.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2008:045 http://www.mandriva.com/security/advisories?name=MDVSA-2008:046
MISC	http://www.coresecurity.com/?action=item&id=2103
SECUNIA	http://secunia.com/advisories/28779 http://secunia.com/advisories/28801 http://secunia.com/advisories/28918 http://secunia.com/advisories/28955 http://secunia.com/advisories/28956 http://secunia.com/advisories/28989 http://secunia.com/advisories/29141 http://secunia.com/advisories/29307 http://secunia.com/advisories/29323 http://secunia.com/advisories/29601 http://secunia.com/advisories/31393
SREASON	http://securityreason.com/securityalert/3608
SUSE	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
UBUNTU	http://www.ubuntu.com/usn/usn-635-1
VUPEN	http://www.vupen.com/english/advisories/2008/0406/references http://www.vupen.com/english/advisories/2008/0421

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 00:08:12	Multiple Updates

Type	Count
CPE ID(s)	2
osvdb(s)	1

Related	Severity
USN-635-1	(Critical)
MDVSA-2008:045	(Critical)
GLSA-200803-16	(Critical)
DSA-1536	(Critical)
DSA-1496	(Critical)
MDVSA-2008:046-1	(High)
MDVSA-2008:046	(High)
GLSA-200802-12	(High)