xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-11-26T01:00:00
Updated: 2024-08-07T10:49:12.262Z
Reserved: 2008-11-25T00:00:00
Link: CVE-2008-5239
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-11-26T01:30:00.577
Modified: 2024-11-21T00:53:38.207
Link: CVE-2008-5239
Redhat
No data.