CVE-2008-5246

Published: 26 November 2008

Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Priority

Medium

Status

Package Release Status
xine-lib
Launchpad, Ubuntu, Debian 		Upstream
Released (1.1.15)
Patches:
Upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=268c1c1639d766d92b7e7bb11de7b38482ebe8e9;style=gitweb

Notes

AuthorNote
mdeslaur 
this appears to be the same bug as the (2) part of CVE-2008-5234

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading