Vigil@nce: xine-lib, multiple vulnerabilities
August 2008 by Vigil@nce
An attacker can use several vulnerabilities in xine-lib to cause a
denial of service or to execute code on the victim's computer.
– Gravity: 2/4
– Consequences: user access/rights
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 27/08/2008
– Identifier: VIGILANCE-VUL-8066
IMPACTED PRODUCTS
- Unix - platform
DESCRIPTION
The Xine program displays multimedia content. The xine-lib
library has several vulnerabilities:
- A malformed OGG file causes a denial of service in xine-lib.
  [grav:2/4; CVE-2008-3231]
- An attacker can cause an overflow with a V4L video frame.
  [grav:2/4]
- An attacker can cause an overflow via ID3. [grav:2/4]
- An attacker can cause an overflow via Real. [grav:2/4]
- An attacker can generate several integer overflows. [grav:2/4]
- Several vulnerabilities can be exploited via Real, ID3, QT,
  Matroska, mng and mod. [grav:2/4; oCERT-2008-008]
CHARACTERISTICS
– Identifiers: BID-30698, CVE-2008-3231, oCERT-2008-008,
VIGILANCE-VUL-8066
– Url: https://vigilance.aql.fr/tree/1/8066