CVE-2008-5236Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-5236 | First vendor Publication | 2008-11-25 |
| Vendor | Cve | Last vendor Modification | 2011-03-07 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5236 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 52940 | xine-lib demux_realaudio.c open_ra_file Function RA File Handling Overflow |
| 52939 | xine-lib demux_real.c Multiple Function Overflows |
| 52938 | xine-lib demux_matroska.c parse_block_group Function EBML Element Length Proc... |
Internal Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2013-05-11 00:31:08 |
|
(Critical)
