Candidate: CVE-2008-5233
PublicDate: 2008-11-26 01:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5233
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498243
 http://www.ocert.org/analysis/2008-008/analysis.txt
 https://ubuntu.com/security/notices/USN-710-1
Description:
 xine-lib 1.1.12, and other versions before 1.1.15, does not check for
 failure of malloc in circumstances including (1) the mymng_process_header
 function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and
 (3) frame_buffer allocation in the real_parse_audio_specific_data function
 in demux_real.c, which allows remote attackers to cause a denial of service
 (crash) or possibly execute arbitrary code via a crafted media file.
Ubuntu-Description:
Notes:
 mdeslaur> this is half of 2A, 2B, and half of 2C
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_xine-lib:
 upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=35f09930323e46c92e521846b9ccdfd5e277ad16;style=gitweb
upstream_xine-lib: released (1.1.15)
dapper_xine-lib: released (1.1.1+ubuntu2-7.10)
gutsy_xine-lib: released (1.1.7-1ubuntu1.4)
hardy_xine-lib: released (1.1.11.1-1ubuntu3.2)
intrepid_xine-lib: not-affected (1.1.15-0ubuntu1)
devel_xine-lib: not-affected (1.1.15-0ubuntu1)