CVE-2008-5243

Published: 26 November 2008

The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.

Priority

Status

Package	Release	Status
xine-lib Launchpad, Ubuntu, Debian	dapper	Released (1.1.1+ubuntu2-7.10)
	gutsy	Released (1.1.7-1ubuntu1.4)
	hardy	Released (1.1.11.1-1ubuntu3.2)
	intrepid	Released (1.1.15-0ubuntu3.1)
	upstream	Needs triage
	Patches: upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=4982c9920f42657d0797145bf197127f18d8972c;style=gitweb

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498243
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508716
https://ubuntu.com/security/notices/USN-710-1
https://www.cve.org/CVERecord?id=CVE-2008-5243
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.