CVE-2008-5238

Name	CVE-2008-5238
Description	Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
xine-lib	source	(unstable)	1.1.14-3	low

Notes

code execution shouldn't work here as if 0xff will be extended to 0xffffffff
memcpy fails for copying from the complete addressable address space long before any code is executed
the malloc check for type_specific_data is missing, minor issue filed as #508065