Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.900111
Category:General
Title:xine-lib Multiple Vulnerabilities
Summary:The host is installed with xine-lib, which is prone to multiple; vulnerabilities.
Description:Summary:
The host is installed with xine-lib, which is prone to multiple
vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- errors when processing malformed Ogg files in demux_ogg_send_chunk()
and send_header() functions in src/demuxers/demux_ogg.c

- error when processing malformed V4L video in open_video_capture_device()
function in src/input/input_v4l.c file.

- error when processing malformed ID3 data in id3v22_interp_frame(),
id3v23_interp_frame(), and id3v24_interp_frame() functions in src/demuxers/id3.c file.

- error when processing malformed Real file in demux_real_send_chunk()
function in src/demuxers/demux_real.c file.

Vulnerability Impact:
Remote exploitation could allow execution of arbitrary code to
cause the server to crash or denying the access to legitimate users.

Affected Software/OS:
xine-lib versions prior to 1.1.15 on Linux (All).

Solution:
Upgrade to xine-lib version 1.1.15.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 30698
Common Vulnerability Exposure (CVE) ID: CVE-2008-5235
http://www.securityfocus.com/bid/30698
http://securitytracker.com/id?1020703
http://secunia.com/advisories/31502
SuSE Security Announcement: SUSE-SR:2009:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.vupen.com/english/advisories/2008/2382
CopyrightCopyright (C) 2008 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.