CVE-2008-1482
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/31462 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://aluigi.altervista.org/adv/xinehof-adv.txt
http://aluigi.org/poc/xinehof.zip
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
https://bugzilla.redhat.com/show_bug.cgi?id=438663
http://secunia.com/advisories/29484
http://secunia.com/advisories/29600
http://secunia.com/advisories/29622
http://secunia.com/advisories/29740
http://secunia.com/advisories/29756
http://secunia.com/advisories/30337
http://secunia.com/advisories/31372
http://secunia.com/advisories/31393