Summary
The host is installed with xine-lib, which prone to multiple vulnerabilities.
Impact
Remote exploitation could allow execution of arbitrary code to cause the server to crash or denying the access to legitimate users.
Impact Level : Application
Solution
Upgrade to xine-lib version 1.1.15
http://xinehq.de/index.php/releases
Insight
The flaws are due to,
- errors when processing malformed Ogg files in demux_ogg_send_chunk() and send_header() functions in src/demuxers/demux_ogg.c - error when processing malformed V4L video in open_video_capture_device() function in src/input/input_v4l.c file.
- error when processing malformed ID3 data in id3v22_interp_frame(), id3v23_interp_frame(), and id3v24_interp_frame() functions in src/demuxers/id3.c file.
- error when processing malformed Real file in demux_real_send_chunk() function in src/demuxers/demux_real.c file.
Affected
xine-lib versions prior to 1.1.15 on Linux (All).
References
Severity
Classification
-
CVE CVE-2008-5235 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)