CVE-2008-5242 (retired)

Priority
Description
demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does
not validate the count field before calling calloc for STSD_ATOM atom
allocation, which allows remote attackers to cause a denial of service
(crash) or possibly execute arbitrary code via a crafted media file.
Notes
 mdeslaur> combined with fix for CVE-2008-5234
Package
Upstream:needs-triage
More Information

Updated: 2019-03-26 11:46:00 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)