9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.096 Low
EPSS
Percentile
94.8%
Multiple vulnerabilities were fixed in libxine 1.1.16.2.
Tobias Klein reports:
FFmpeg contains a type conversion vulnerability while
parsing malformed 4X movie files. The vulnerability may be
exploited by a (remote) attacker to execute arbitrary code in
the context of FFmpeg or an application using the FFmpeg
library.
Note: A similar issue also affects xine-lib < version
1.1.16.2.
xine developers report:
Fix broken size checks in various input plugins (ref.
CVE-2008-5239).
More malloc checking (ref. CVE-2008-5240).