CVE-2008-5247

Published: 26 November 2008

The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.

Priority

Low

Status

Package Release Status
xine-lib
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Upstream: http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=c7bd49725972;style=gitweb