Metric | Value |
---|---|
CVSS2 | 4.3 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
EPSS | 0.022 Low |
Percentile | 89.6% |
The real_parse_audio_specific_data function in demux_real.c in xine-lib
1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height
(aka codec_data_length) value as a divisor, which allows remote attackers to
cause a denial of service (divide-by-zero error and crash) via a zero
value.
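The bug class described above, shown as an added example that is not xine-lib's code: a divisor read from a file header is validated before use. The 4-byte header layout, the function names and the status codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header layout, constructed for this example:
 *   bytes 0-1: frame_size (big-endian)
 *   bytes 2-3: height (big-endian), later used as a divisor */
#define HDR_LEN 4

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_HEIGHT = -2 };

static uint16_t be16(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Unchecked pattern: the divisor comes straight from the file, so a
 * height of 0 is an integer divide-by-zero and the process crashes.
 * Shown for contrast only; main() below never calls it. */
unsigned rows_unchecked(const uint8_t *hdr) {
    return be16(hdr) / be16(hdr + 2);
}

/* Hardened form: check the buffer length, then reject a zero divisor
 * and return an error so the caller can drop the stream. */
int rows_checked(const uint8_t *hdr, size_t len, unsigned *rows_out) {
    if (hdr == NULL || rows_out == NULL || len < HDR_LEN)
        return PARSE_TRUNCATED;
    uint16_t frame_size = be16(hdr);
    uint16_t height = be16(hdr + 2);
    if (height == 0)
        return PARSE_BAD_HEIGHT;   /* malformed file, not a crash */
    *rows_out = (unsigned)frame_size / height;
    return PARSE_OK;
}

int main(void) {
    /* Constructed sample headers: one valid, one with height == 0. */
    const uint8_t good[HDR_LEN] = { 0x01, 0x00, 0x00, 0x10 };
    const uint8_t zero[HDR_LEN] = { 0x01, 0x00, 0x00, 0x00 };
    unsigned rows = 0;
    int rc = rows_checked(good, sizeof good, &rows);
    printf("good: rc=%d rows=%u\n", rc, rows);
    rc = rows_checked(zero, sizeof zero, &rows);
    printf("zero: rc=%d (stream rejected)\n", rc);
    return 0;
}
```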
Author | Note |
---|---|
mdeslaur | Debian says it doesn’t look like a security issue, just a crash; ignoring for now… |