Vigil@nce: xine-lib, multiples vulnerabilities
February 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities can be used by an attacker to create a
denial of service or to execute code on victim’s computer.
Gravity: 2/4
Consequences: user access/rights, denial of service of client
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 17/02/2009
IMPACTED PRODUCTS
– Fedora
– OpenSUSE
– SUSE LINUX Enterprise Server
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The Xine program displays multimedia contents. The xine-lib
library has several vulnerabilities.
Several vulnerabilities can be exploited via Real, ID3, QT,
Matroska, mng and mod. [grav:2/4; BID-30797, CVE-2008-5233,
CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5238,
CVE-2008-5239, CVE-2008-5240, CVE-2008-5241, CVE-2008-5242,
CVE-2008-5243, CVE-2008-5244, CVE-2008-5247, oCERT-2008-008]
An attacker can create a malicious 4XM video in order to execute
code on user’s computer (VIGILANCE-VUL-8429
(https://vigilance.fr/tree/1/8429)). [grav:2/4; BID-33502,
CVE-2009-0385]
CHARACTERISTICS
Identifiers: BID-30797, BID-33502, CVE-2008-5233, CVE-2008-5234,
CVE-2008-5236, CVE-2008-5237, CVE-2008-5238, CVE-2008-5239,
CVE-2008-5240, CVE-2008-5241, CVE-2008-5242, CVE-2008-5243,
CVE-2008-5244, CVE-2008-5247, CVE-2009-0385, FEDORA-2008-7512,
FEDORA-2008-7572, FEDORA-2009-0483, FEDORA-2009-0542,
FEDORA-2009-1524, FEDORA-2009-1525, oCERT-2008-008,
SUSE-SR:2009:004, VIGILANCE-VUL-8475
http://vigilance.fr/vulnerability/xine-lib-multiples-vulnerabilities-8475