Lucene search
Ubuntu.comUB:CVE-2008-0486HistoryFeb 05, 2008 - 12:00 a.m.
CVE-2008-0486
2008-02-0500:00:00
ubuntu.com
ubuntu.com
12
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.057 Low
EPSS
Percentile
93.4%
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and
SVN before r25917, and possibly earlier versions, as used in Xine-lib
1.1.10, might allow remote attackers to execute arbitrary code via a
crafted FLAC tag, which triggers a buffer overflow.
Bugs
- <https://bugs.launchpad.net/ubuntu/+source/mplayer/+bug/191488>
- <https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/195700>
- <https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/210163>
Notes
| Author | Note |
|---|---|
| jdstrand | according to http://xinehq.de/index.php/security, 1.1.1 and older are not affected |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 6.10 | noarch | mplayer | <Β 2:0.99+1.0pre8-0ubuntu8.2 | UNKNOWN |
| ubuntu | 7.04 | noarch | mplayer | <Β 2:1.0~rc1-0ubuntu9.3 | UNKNOWN |
| ubuntu | 7.10 | noarch | mplayer | <Β 2:1.0~rc1-0ubuntu13.2 | UNKNOWN |
| ubuntu | 8.04 | noarch | mplayer | <Β 2:1.0~rc2-0ubuntu9 | UNKNOWN |
| ubuntu | 7.04 | noarch | xine-lib | <Β 1.1.4-2ubuntu3.1 | UNKNOWN |
| ubuntu | 7.10 | noarch | xine-lib | <Β 1.1.7-1ubuntu1.3 | UNKNOWN |
Related
cve
cve
CVE-2008-0486
2008-02-05 12:00:00
CVE-2007-6718
2022-10-03 16:14:28
openvas
openvas
Fedora Update for xine-lib FEDORA-2008-1543
2009-02-16 00:00:00
Mandriva Update for xine-lib MDVSA-2008:046-1 (xine-lib)
2009-04-09 00:00:00
FreeBSD Ports: libxine
2008-09-04 00:00:00
coresecurity
coresecurity
MPlayer 1.0rc2 Buffer Overflow Vulnerability
2008-02-04 00:00:00
nessus
nessus
FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)
2008-02-28 00:00:00
Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)
2008-02-14 00:00:00
SuSE 10 Security Update : xine (ZYPP Patch Number 5080)
2008-03-13 00:00:00
securityvulns
securityvulns
CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability
2008-02-05 00:00:00
[ MDVSA-2008:046 ] - Updated xine-lib package fixes arbitrary code execution vulnerability
2008-02-16 00:00:00
Mplayer / Xine multiple security vulnerabilities
2008-02-16 00:00:00
nvd
nvd
CVE-2008-0486
2008-02-05 12:00:00
CVE-2007-6718
2008-10-20 17:59:23
seebug
seebug
MPlayer demux_audio.cθΏη¨ζ ζΊ’εΊζΌζ΄
2008-02-14 00:00:00
debiancve
debiancve
CVE-2008-0486
2008-02-05 12:00:00
CVE-2007-6718
2022-10-03 16:14:28
freebsd
freebsd
libxine -- buffer overflow vulnerability
2007-02-08 00:00:00
mplayer -- multiple vulnerabilities
2008-02-05 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: xine-lib-1.1.10.1-1.fc7
2008-02-13 05:12:05
[SECURITY] Fedora 8 Update: xine-lib-1.1.10.1-1.fc8
2008-02-13 05:06:27
prion
prion
Buffer overflow
2008-02-05 12:00:00
Design/Logic Flaw
2008-10-20 17:59:00
cvelist
cvelist
CVE-2008-0486
2008-02-05 11:00:00
CVE-2007-6718
2022-10-03 16:14:28
gentoo
gentoo
xine-lib: User-assisted execution of arbitrary code
2008-02-26 00:00:00
MPlayer: Multiple buffer overflows
2008-03-10 00:00:00
ubuntucve
ubuntucve
CVE-2007-6718
2008-10-20 00:00:00
osv
osv
mplayer - arbitrary code execution
2008-02-12 00:00:00
xine-lib - several vulnerabilities
2008-03-31 00:00:00
debian
debian
[SECURITY] [DSA 1496-1] New mplayer packages fix arbitrary code execution
2008-02-12 22:59:52
[SECURITY] [DSA 1536-1] New libxine packages fix several vulnerabilities
2008-03-31 20:51:58
ubuntu
ubuntu
xine-lib vulnerabilities
2008-08-06 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.057 Low
EPSS
Percentile
93.4%
Related for UB:CVE-2008-0486