Vulnerabilities > CVE-2008-5237 - Numeric Errors vulnerability in Xine
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 39 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-020.NASL description Failure on Ogg files manipulation can lead remote attackers to cause a denial of service by using crafted files (CVE-2008-3231). Failure on manipulation of either MNG or Real or MOD files can lead remote attackers to cause a denial of service by using crafted files (CVE: CVE-2008-5233). Heap-based overflow allows remote attackers to execute arbitrary code by using Quicktime media files holding crafted metadata (CVE-2008-5234). Heap-based overflow allows remote attackers to execute arbitrary code by using either crafted Matroska or Real media files (CVE-2008-5236). Failure on manipulation of either MNG or Quicktime files can lead remote attackers to cause a denial of service by using crafted files (CVE-2008-5237). Multiple heap-based overflow on input plugins (http, net, smb, dvd, dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to execute arbitrary code by handling that input channels. Further this problem can even lead attackers to cause denial of service (CVE-2008-5239). Heap-based overflow allows attackers to execute arbitrary code by using crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track entry element). Further a failure on handling of Real media files (CONT_TAG header) can lead to a denial of service attack (CVE-2008-5240). Integer underflow allows remote attackers to cause denial of service by using Quicktime media files (CVE-2008-5241). Failure on manipulation of Real media files can lead remote attackers to cause a denial of service by indexing an allocated buffer with a certain input value in a crafted file (CVE-2008-5243). Vulnerabilities of unknown impact - possibly buffer overflow - caused by a condition of video frame preallocation before ascertaining the required length in V4L video input plugin (CVE-2008-5245). Heap-based overflow allows remote attackers to execute arbitrary code by using crafted media files. This vulnerability is in the manipulation of ID3 audio file data tagging mainly used in MP3 file formats (CVE-2008-5246). This update provides the fix for all these security issues found in xine-lib 1.1.11 of Mandriva 2008.1. The vulnerabilities: CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240, CVE-2008-5243 are found in xine-lib 1.1.15 of Mandriva 2009.0 and are also fixed by this update. last seen 2020-06-01 modified 2020-06-02 plugin id 36846 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36846 title Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:020) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2009:020. # The text itself is copyright (C) Mandriva S.A. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(36846); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:51"); script_cve_id( "CVE-2008-3231", "CVE-2008-5233", "CVE-2008-5234", "CVE-2008-5236", "CVE-2008-5237", "CVE-2008-5239", "CVE-2008-5240", "CVE-2008-5241", "CVE-2008-5243", "CVE-2008-5245", "CVE-2008-5246" ); script_bugtraq_id( 30698, 30699, 30797 ); script_xref(name:"MDVSA", value:"2009:020"); script_name(english:"Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:020)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Failure on Ogg files manipulation can lead remote attackers to cause a denial of service by using crafted files (CVE-2008-3231). Failure on manipulation of either MNG or Real or MOD files can lead remote attackers to cause a denial of service by using crafted files (CVE: CVE-2008-5233). Heap-based overflow allows remote attackers to execute arbitrary code by using Quicktime media files holding crafted metadata (CVE-2008-5234). Heap-based overflow allows remote attackers to execute arbitrary code by using either crafted Matroska or Real media files (CVE-2008-5236). Failure on manipulation of either MNG or Quicktime files can lead remote attackers to cause a denial of service by using crafted files (CVE-2008-5237). Multiple heap-based overflow on input plugins (http, net, smb, dvd, dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to execute arbitrary code by handling that input channels. Further this problem can even lead attackers to cause denial of service (CVE-2008-5239). Heap-based overflow allows attackers to execute arbitrary code by using crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track entry element). Further a failure on handling of Real media files (CONT_TAG header) can lead to a denial of service attack (CVE-2008-5240). Integer underflow allows remote attackers to cause denial of service by using Quicktime media files (CVE-2008-5241). Failure on manipulation of Real media files can lead remote attackers to cause a denial of service by indexing an allocated buffer with a certain input value in a crafted file (CVE-2008-5243). Vulnerabilities of unknown impact - possibly buffer overflow - caused by a condition of video frame preallocation before ascertaining the required length in V4L video input plugin (CVE-2008-5245). Heap-based overflow allows remote attackers to execute arbitrary code by using crafted media files. This vulnerability is in the manipulation of ID3 audio file data tagging mainly used in MP3 file formats (CVE-2008-5246). This update provides the fix for all these security issues found in xine-lib 1.1.11 of Mandriva 2008.1. The vulnerabilities: CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240, CVE-2008-5243 are found in xine-lib 1.1.15 of Mandriva 2009.0 and are also fixed by this update." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xine-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xine1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxine-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxine1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-aa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-caca"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-dxr3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-esd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-flac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-gnomevfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-jack"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-pulse"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-sdl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-smb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-wavpack"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/01/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64xine-devel-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64xine1-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libxine-devel-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libxine1-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-aa-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-caca-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-dxr3-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-esd-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-flac-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-gnomevfs-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-image-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-jack-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-plugins-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-pulse-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-sdl-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-smb-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", reference:"xine-wavpack-1.1.11.1-4.3mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64xine-devel-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64xine1-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libxine-devel-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libxine1-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-aa-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-caca-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-dxr3-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-esd-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-flac-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-gnomevfs-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-image-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-jack-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-plugins-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-pulse-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-sdl-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-smb-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xine-wavpack-1.1.15-2.1mdv2009.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201006-04.NASL description The remote host is affected by the vulnerability described in GLSA-201006-04 (xine-lib: User-assisted execution of arbitrary code) Multiple vulnerabilities have been reported in xine-lib. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to play a specially crafted video file or stream with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 46771 published 2010-06-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46771 title GLSA-201006-04 : xine-lib: User-assisted execution of arbitrary code code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201006-04. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(46771); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2008-3231", "CVE-2008-5233", "CVE-2008-5234", "CVE-2008-5235", "CVE-2008-5236", "CVE-2008-5237", "CVE-2008-5238", "CVE-2008-5239", "CVE-2008-5240", "CVE-2008-5241", "CVE-2008-5242", "CVE-2008-5243", "CVE-2008-5244", "CVE-2008-5245", "CVE-2008-5246", "CVE-2008-5247", "CVE-2008-5248", "CVE-2009-0698", "CVE-2009-1274"); script_bugtraq_id(30698, 30699, 30797, 33502, 34384); script_xref(name:"GLSA", value:"201006-04"); script_name(english:"GLSA-201006-04 : xine-lib: User-assisted execution of arbitrary code"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201006-04 (xine-lib: User-assisted execution of arbitrary code) Multiple vulnerabilities have been reported in xine-lib. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to play a specially crafted video file or stream with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201006-04" ); script_set_attribute( attribute:"solution", value: "All xine-lib users should upgrade to an unaffected version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.16.3' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 10, 2009. It is likely that your system is already no longer affected by this issue." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xine-lib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2010/06/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"media-libs/xine-lib", unaffected:make_list("ge 1.1.16.3"), vulnerable:make_list("lt 1.1.16.3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xine-lib"); }
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-319.NASL description Vulnerabilities have been discovered and corrected in xine-lib : Failure on Ogg files manipulation can lead remote attackers to cause a denial of service by using crafted files (CVE-2008-3231). Failure on manipulation of either MNG or Real or MOD files can lead remote attackers to cause a denial of service by using crafted files (CVE: CVE-2008-5233). Heap-based overflow allows remote attackers to execute arbitrary code by using Quicktime media files holding crafted metadata (CVE-2008-5234). Heap-based overflow allows remote attackers to execute arbitrary code by using either crafted Matroska or Real media files (CVE-2008-5236). Failure on manipulation of either MNG or Quicktime files can lead remote attackers to cause a denial of service by using crafted files (CVE-2008-5237). Multiple heap-based overflow on input plugins (http, net, smb, dvd, dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to execute arbitrary code by handling that input channels. Further this problem can even lead attackers to cause denial of service (CVE-2008-5239). Heap-based overflow allows attackers to execute arbitrary code by using crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track entry element). Further a failure on handling of Real media files (CONT_TAG header) can lead to a denial of service attack (CVE-2008-5240). Integer underflow allows remote attackers to cause denial of service by using Quicktime media files (CVE-2008-5241). Failure on manipulation of Real media files can lead remote attackers to cause a denial of service by indexing an allocated buffer with a certain input value in a crafted file (CVE-2008-5243). Vulnerabilities of unknown impact - possibly buffer overflow - caused by a condition of video frame preallocation before ascertaining the required length in V4L video input plugin (CVE-2008-5245). Heap-based overflow allows remote attackers to execute arbitrary code by using crafted media files. This vulnerability is in the manipulation of ID3 audio file data tagging mainly used in MP3 file formats (CVE-2008-5246). Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow (CVE-2009-1274) Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698) Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update fixes these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43022 published 2009-12-07 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43022 title Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:319) NASL family SuSE Local Security Checks NASL id SUSE_XINE-DEVEL-5965.NASL description This update of xine fixes multiple buffer overflows while parsing files : - CVE-2008-3231 - CVE-2008-5233 - CVE-2008-5234 - CVE-2008-5235 - CVE-2008-5236 - CVE-2008-5237 - CVE-2008-5238 - CVE-2008-5239 - CVE-2008-5240 - CVE-2008-5241 - CVE-2008-5242 - CVE-2008-5243 - CVE-2008-5244 - CVE-2008-5245 - CVE-2008-5246 - CVE-2008-5247 - These bugs can lead to remote code execution. (CVE-2008-5248) last seen 2020-06-01 modified 2020-06-02 plugin id 51768 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51768 title SuSE 10 Security Update : xine (ZYPP Patch Number 5965) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-710-1.NASL description It was discovered that xine-lib did not correctly handle certain malformed Ogg and Windows Media files. If a user or automated system were tricked into opening a specially crafted Ogg or Windows Media file, an attacker could cause xine-lib to crash, creating a denial of service. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-3231) It was discovered that the MNG, MOD, and Real demuxers in xine-lib did not correctly handle memory allocation failures. If a user or automated system were tricked into opening a specially crafted MNG, MOD, or Real file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5233) It was discovered that the QT demuxer in xine-lib did not correctly handle an invalid metadata atom size, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2008-5234, CVE-2008-5242) It was discovered that the Real, RealAudio, and Matroska demuxers in xine-lib did not correctly handle malformed files, resulting in heap-based buffer overflows. If a user or automated system were tricked into opening a specially crafted Real, RealAudio, or Matroska file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2008-5236) It was discovered that the MNG and QT demuxers in xine-lib did not correctly handle malformed files, resulting in integer overflows. If a user or automated system were tricked into opening a specially crafted MNG or MOV file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2008-5237) It was discovered that the Matroska, MOD, Real, and Real Audio demuxers in xine-lib did not correctly handle malformed files, resulting in integer overflows. If a user or automated system were tricked into opening a specially crafted Matroska, MOD, Real, or Real Audio file, an attacker could execute arbitrary code as the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5238) It was discovered that the input handlers in xine-lib did not correctly handle certain error codes, resulting in out-of-bounds reads and heap-based buffer overflows. If a user or automated system were tricked into opening a specially crafted file, stream, or URL, an attacker could execute arbitrary code as the user invoking the program. (CVE-2008-5239) It was discovered that the Matroska and Real demuxers in xine-lib did not correctly handle memory allocation failures. If a user or automated system were tricked into opening a specially crafted Matroska or Real file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-5240) It was discovered that the QT demuxer in xine-lib did not correctly handle an invalid metadata atom size in a compressed MOV file, resulting in an integer underflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could an attacker could cause xine-lib to crash, creating a denial of service. (CVE-2008-5241) It was discovered that the Real demuxer in xine-lib did not correctly handle certain malformed files. If a user or automated system were tricked into opening a specially crafted Real file, an attacker could could cause xine-lib to crash, creating a denial of service. (CVE-2008-5243) It was discovered that xine-lib did not correctly handle certain malformed AAC files. If a user or automated system were tricked into opening a specially crafted AAC file, an attacker could could cause xine-lib to crash, creating a denial of service. This issue only applied to Ubuntu 7.10, and 8.04 LTS. (CVE-2008-5244) It was discovered that the id3 tag handler in xine-lib did not correctly handle malformed tags, resulting in heap-based buffer overflows. If a user or automated system were tricked into opening a media file containing a specially crafted id3 tag, an attacker could execute arbitrary code as the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5246) It was discovered that xine-lib did not correctly handle MP3 files with metadata consisting only of separators. If a user or automated system were tricked into opening a specially crafted MP3 file, an attacker could could cause xine-lib to crash, creating a denial of service. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5248) It was discovered that the Matroska demuxer in xine-lib did not correctly handle an invalid track type. If a user or automated system were tricked into opening a specially crafted Matroska file, an attacker could could cause xine-lib to crash, creating a denial of service. It was discovered that the ffmpeg video decoder in xine-lib did not correctly handle media with certain image heights, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted video file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only applied to Ubuntu 7.10, 8.04 LTS, and 8.10. It was discovered that the ffmpeg audio decoder in xine-lib did not correctly handle malformed media, resulting in a integer overflow. If a user or automated system were tricked into opening a specially crafted media file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only applied to Ubuntu 8.10. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37469 published 2009-04-23 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37469 title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : xine-lib vulnerabilities (USN-710-1) NASL family Fedora Local Security Checks NASL id FEDORA_2009-0542.NASL description This updates xine-lib to the upstream 1.1.16 release. This fixes several bugs, including the security issues CVE-2008-5234 vector 1, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240 vectors 3 & 4 and CVE-2008-5243. See http://sourceforge.net/project/shownotes.php?release_id=652075&group_i d=9655 for the full list of changes. In addition, the Fedora xine-lib package now includes the demuxers for the MPEG container format, which are not patent- encumbered. (The decoders for actual MPEG video and audio data are still excluded due to software patents.) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35399 published 2009-01-16 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35399 title Fedora 9 : xine-lib-1.1.16-1.fc9.1 (2009-0542) NASL family Fedora Local Security Checks NASL id FEDORA_2008-7512.NASL description This release fixes multiple bugs and security issues: - DoS via corrupted Ogg files (CVE-2008-3231) - multiple possible buffer overflows detailed in oCERT-2008-008 For more details, see: http://sourceforge.net/project/shownotes.php?release_id=619869&group_i d=9655 http://www.ocert.org/advisories/ocert-2008-008.html NOTE: A coordinated release with 3rd-party repos was not possible, so this update may result in dependency issues with currently-installed xine-lib-extras-* rpms. This temporary problem will be rectified asap. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34133 published 2008-09-10 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34133 title Fedora 9 : xine-lib-1.1.15-1.fc9 (2008-7512) NASL family SuSE Local Security Checks NASL id SUSE_XINE-DEVEL-5966.NASL description This update of xine fixes multiple buffer overflows while parsing files : - CVE-2008-3231 - CVE-2008-5233 - CVE-2008-5234 - CVE-2008-5235 - CVE-2008-5236 - CVE-2008-5237 - CVE-2008-5238 - CVE-2008-5239 - CVE-2008-5240 - CVE-2008-5241 - CVE-2008-5242 - CVE-2008-5243 - CVE-2008-5244 - CVE-2008-5245 - CVE-2008-5246 - CVE-2008-5247 - CVE-2008-5248 These bugs can lead to remote code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 35599 published 2009-02-05 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35599 title openSUSE 10 Security Update : xine-devel (xine-devel-5966) NASL family SuSE Local Security Checks NASL id SUSE_11_0_XINE-DEVEL-090129.NASL description This update of xine fixes multiple buffer overflows while parsing files : - CVE-2008-3231 - CVE-2008-5233 - CVE-2008-5234 - CVE-2008-5235 - CVE-2008-5236 - CVE-2008-5237 - CVE-2008-5238 - CVE-2008-5239 - CVE-2008-5240 - CVE-2008-5241 - CVE-2008-5242 - CVE-2008-5243 - CVE-2008-5244 - CVE-2008-5245 - CVE-2008-5246 - CVE-2008-5247 - CVE-2008-5248 These bugs can lead to remote code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 40156 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40156 title openSUSE Security Update : xine-devel (xine-devel-483) NASL family Fedora Local Security Checks NASL id FEDORA_2008-7572.NASL description This release fixes multiple bugs and security issues: - DoS via corrupted Ogg files (CVE-2008-3231) - multiple possible buffer overflows detailed in oCERT-2008-008 For more details, see: http://sourceforge.net/project/shownotes.php?release_id=619869&group_i d=9655 http://www.ocert.org/advisories/ocert-2008-008.html NOTE: A coordinated release with 3rd-party repos was not possible, so this update may result in dependency issues with currently-installed xine-lib-extras-* rpms. This temporary problem will be rectified asap. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34136 published 2008-09-10 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34136 title Fedora 8 : xine-lib-1.1.15-1.fc8 (2008-7572) NASL family Fedora Local Security Checks NASL id FEDORA_2009-0483.NASL description This updates xine-lib to the upstream 1.1.16 release. This fixes several bugs, including the security issues CVE-2008-5234 vector 1, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240 vectors 3 & 4 and CVE-2008-5243. See http://sourceforge.net/project/shownotes.php?release_id=652075&group_i d=9655 for the full list of changes. In addition, the Fedora xine-lib package now includes the demuxers for the MPEG container format, which are not patent- encumbered. (The decoders for actual MPEG video and audio data are still excluded due to software patents.) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37860 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37860 title Fedora 10 : xine-lib-1.1.16-1.fc10 (2009-0483)
References
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://secunia.com/advisories/31827
- http://secunia.com/advisories/33544
- http://securityreason.com/securityalert/4648
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:020
- http://www.ocert.org/analysis/2008-008/analysis.txt
- http://www.securityfocus.com/archive/1/495674/100/0/threaded
- http://www.securityfocus.com/bid/30797
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44652
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html
- https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html