Your submission was sent successfully! Close

CVE-2008-5244

Published: 25 November 2008

Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.

Priority

Low

Status

Package Release Status
faad2
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy Not vulnerable

intrepid Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

upstream Not vulnerable
(2.6.1)
xine-lib
Launchpad, Ubuntu, Debian
dapper
Released (1.1.1+ubuntu2-7.10)
gutsy
Released (1.1.7-1ubuntu1.4)
hardy
Released (1.1.11.1-1ubuntu3.2)
intrepid Not vulnerable
(1.1.15)
jaunty Not vulnerable
(1.1.15)
karmic Not vulnerable
(1.1.15)
upstream Needs triage

Notes

AuthorNote
mdeslaur
Same AAC issue as the first part of CVE-2008-4610
looks like debian fixed this by building xine-lib with the system
faad, which is in universe for us...
Tester is lol-vlc.aac. Doesn't crash intrepid.
xine 1.1.15 updated built-in libfaad to get rid of crashers
Not sure what to do for older versions...

References