Candidate: CVE-2008-5246
PublicDate: 2008-11-26 01:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5246
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498243
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507184
 https://ubuntu.com/security/notices/USN-710-1
Description:
 Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote
 attackers to execute arbitrary code via vectors that send ID3 data to the
 (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in
 src/demuxers/id3.c.  NOTE: the provenance of this information is unknown;
 the details are obtained solely from third party information.
Ubuntu-Description:
Notes:
 mdeslaur> this appears to be the same bug as the (2) part of CVE-2008-5234
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_xine-lib:
 upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=268c1c1639d766d92b7e7bb11de7b38482ebe8e9;style=gitweb
upstream_xine-lib: released (1.1.15)
dapper_xine-lib: released (1.1.1+ubuntu2-7.10)
gutsy_xine-lib: released (1.1.7-1ubuntu1.4)
hardy_xine-lib: released (1.1.11.1-1ubuntu3.2)
intrepid_xine-lib: not-affected (1.1.15-0ubuntu1)
devel_xine-lib: not-affected (1.1.15-0ubuntu1)