CVE-2008-5241 : Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to ca

Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).

Published 2008-11-26 01:30:01

Updated 2018-10-11 20:54:36

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2008-5241

Probability of exploitation activity in the next 30 days: 1.81%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-5241

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2008-5241

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-5241

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/44656
http://www.ocert.org/analysis/2008-008/analysis.txt

CVEs referencing this url
http://www.securityfocus.com/bid/30797

Patch

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2009:020

CVEs referencing this url
http://securityreason.com/securityalert/4648

CVEs referencing this url
http://www.securityfocus.com/archive/1/495674/100/0/threaded

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2009:004 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url

Products affected by CVE-2008-5241

Xine » Xine-lib
Versions up to, including, (<=) 1.1.15
cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Beta1
cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Beta6
cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Beta7
cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Beta2
cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Beta3
cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Beta4
cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Beta5
cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Beta10
cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Beta11
cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Beta8
cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Beta9
cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 0.9.13
cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Beta12
cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.0
cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.0.1
cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.0.2
cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.0
cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.0.3a
cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.1
cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.10.1
cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.10
cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.11
cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.9
cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.11.1
cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.13
cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.2
cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.4
cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.5
cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update RC2
cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update RC8
cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update RC5
cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update Rc3c
cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.8
cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update Rc3a
cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update Rc3b
cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.3
cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.12
cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.6
cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.7
cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update Rc6a
cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update RC7
cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update RC4
cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.9.1
cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update Rc0a
cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update RC1
cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update RC3
cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1 Update Rc4a
cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*
Matching versions
Xine » Xine-lib » Version: 1.1.14
cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2008-5241

Exploit prediction scoring system (EPSS) score for CVE-2008-5241

CVSS scores for CVE-2008-5241

CWE ids for CVE-2008-5241

References for CVE-2008-5241

Products affected by CVE-2008-5241