Test ID:	1.3.6.1.4.1.25623.1.0.900111
Category:	General
Title:	xine-lib Multiple Vulnerabilities
Summary:	xine-lib is prone to multiple vulnerabilities.
Description:	Summary: xine-lib is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to: - errors when processing malformed Ogg files in demux_ogg_send_chunk() and send_header() functions in src/demuxers/demux_ogg.c - error when processing malformed V4L video in open_video_capture_device() function in src/input/input_v4l.c file. - error when processing malformed ID3 data in id3v22_interp_frame(), id3v23_interp_frame(), and id3v24_interp_frame() functions in src/demuxers/id3.c file. - error when processing malformed Real file in demux_real_send_chunk() function in src/demuxers/demux_real.c file. Vulnerability Impact: Remote exploitation could allow execution of arbitrary code to cause the server to crash or denying the access to legitimate users. Affected Software/OS: xine-lib versions prior to 1.1.15 on Linux (All). Solution: Upgrade to xine-lib version 1.1.15. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5235 BugTraq ID: 30698 http://www.securityfocus.com/bid/30698 http://securitytracker.com/id?1020703 http://secunia.com/advisories/31502 SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://www.vupen.com/english/advisories/2008/2382
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.