CVE-2008-5246
Published: 26 November 2008
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Notes
Author | Note |
---|---|
mdeslaur | this appears to be the same bug as the (2) part of CVE-2008-5234 |
Priority
Status
Package | Release | Status |
---|---|---|
xine-lib Launchpad, Ubuntu, Debian |
dapper |
Released
(1.1.1+ubuntu2-7.10)
|
gutsy |
Released
(1.1.7-1ubuntu1.4)
|
|
hardy |
Released
(1.1.11.1-1ubuntu3.2)
|
|
intrepid |
Not vulnerable
(1.1.15-0ubuntu1)
|
|
upstream |
Released
(1.1.15)
|
|
Patches: upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=268c1c1639d766d92b7e7bb11de7b38482ebe8e9;style=gitweb |