Lucene search
Ubuntu.comUB:CVE-2008-5247HistoryNov 26, 2008 - 12:00 a.m.
CVE-2008-5247
2008-11-2600:00:00
ubuntu.com
ubuntu.com
4
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.022 Low
EPSS
Percentile
89.6%
The real_parse_audio_specific_data function in demux_real.c in xine-lib
1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height
(aka codec_data_length) value as a divisor, which allow remote attackers to
cause a denial of service (divide-by-zero error and crash) via a zero
value.
Notes
| Author | Note |
|---|---|
| mdeslaur | Debian says it doesn’t look like a security issue, just a crash ignoring for now… |
Related
nvd
nvd
CVE-2008-5247
2008-11-26 01:30:00
cve
cve
CVE-2008-5247
2008-11-26 01:30:00
prion
prion
Denial of service
2008-11-26 01:30:00
cvelist
cvelist
CVE-2008-5247
2008-11-26 01:00:00
nessus
nessus
Fedora 9 : xine-lib-1.1.15-1.fc9 (2008-7512)
2008-09-10 00:00:00
Fedora 8 : xine-lib-1.1.15-1.fc8 (2008-7572)
2008-09-10 00:00:00
SuSE 10 Security Update : xine (ZYPP Patch Number 5965)
2011-01-27 00:00:00
gentoo
gentoo
xine-lib: User-assisted execution of arbitrary code
2010-06-01 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201006-04 (xine-lib)
2011-03-09 00:00:00
Gentoo Security Advisory GLSA 201006-04 (xine-lib)
2011-03-09 00:00:00
SUSE: Security Summary (SUSE-SR:2009:004)
2009-02-18 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.022 Low
EPSS
Percentile
89.6%
Related for UB:CVE-2008-5247