Your submission was sent successfully! Close

CVE-2008-5243

Published: 26 November 2008

The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.

Priority

Low

Status

Package Release Status
xine-lib
Launchpad, Ubuntu, Debian
dapper
Released (1.1.1+ubuntu2-7.10)
gutsy
Released (1.1.7-1ubuntu1.4)
hardy
Released (1.1.11.1-1ubuntu3.2)
intrepid
Released (1.1.15-0ubuntu3.1)
upstream Needs triage