| Name | CVE-2008-5238 |
| Description | Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| xine-lib | source | (unstable) | 1.1.14-3 | low | | |
Notes
code execution shouldn't work here as if 0xff will be extended to 0xffffffff
memcpy fails for copying from the complete addressable address space long before any code is executed
the malloc check for type_specific_data is missing, minor issue filed as #508065