CVE-2008-5238 Details

Published: 2008-11-26
Last Modified: 2018-10-11
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field.

Analysis
Common Vulnerability Score System v2.0

Severity: High
Base Score: 7.1/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication: None
Impact Score: 6.9/10
Confidentiality Impact: None
Availability Impact: Complete
Integrity Impact: None
Vector String: AV:N/AC:M/Au:N/C:N/I:N/A:C

Common Vulnerability Score System v3.1

NIST has not assigned a CVSSv3.1 Score.

Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:beta1:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:beta10:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:beta11:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:beta12:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:beta2:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:beta3:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:beta4:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:beta5:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:beta6:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:beta7:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:beta8:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:beta9:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc0a:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc1:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc2:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc3:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc3a:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc3b:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc3c:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc4:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc4a:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc5:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc6a:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc7:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1:rc8:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1.0.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1.0.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1.0.3a:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1.1.0:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1.1.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1.1.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1.1.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1.1.4:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1.1.10.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1.1.11:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:1.1.11.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:xine:xine:*:*:*:*:*:*:*:* Yes - -
References

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/31827
http://securityreason.com/securityalert/4648
http://securitytracker.com/id?1020703
http://sourceforge.net/project/shownotes.php?release_id=619869
http://www.ocert.org/analysis/2008-008/analysis.txt
http://www.securityfocus.com/archive/1/495674/100/0/threaded
http://www.securityfocus.com/bid/30797
https://exchange.xforce.ibmcloud.com/vulnerabilities/44650
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html

PCI Compliance: Fail
US-CERT Alert: No
CWE: CWE-189