Launchpad CVE tracker

CVE 2008-5242

demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.

Related bugs and status

CVE-2008-5242 (Candidate) is related to these bugs:

Bug #290768: C format string specifications mismatch in translations crashes libxine based apps in some loales

		In	Importance	Status
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	xine-lib (Ubuntu)	High	Fix Released
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	langpack-o-matic	Undecided	Fix Released
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	xine-lib (Ubuntu Intrepid)	Undecided	Fix Released
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	language-pack-gnome-it-base (Ubuntu)	Undecided	Fix Released
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	language-pack-gnome-it-base (Ubuntu Intrepid)	Undecided	Fix Released
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	language-pack-gnome-de-base (Ubuntu)	Undecided	Fix Released
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	language-pack-gnome-de-base (Ubuntu Intrepid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-5242

References