Your submission was sent successfully! Close

CVE-2008-5246

Published: 26 November 2008

Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Priority

Medium

Status

Package Release Status
xine-lib
Launchpad, Ubuntu, Debian 		dapper
Released (1.1.1+ubuntu2-7.10)
gutsy
Released (1.1.7-1ubuntu1.4)
hardy
Released (1.1.11.1-1ubuntu3.2)
intrepid Not vulnerable
(1.1.15-0ubuntu1)
upstream
Released (1.1.15)

Notes

AuthorNote
mdeslaur 
this appears to be the same bug as the (2) part of CVE-2008-5234

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading