CVE-2008-5242

Name: CVE-2008-5242
Description: demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 498243, 507165

The information below is based on the following data on fixed versions.

Package   Type    Release     Fixed Version  Urgency  Origin  Debian Bugs
xine-lib  source  lenny       1.1.14-4
xine-lib  source  squeeze     1.1.14-4
xine-lib  source  (unstable)  1.1.16-1       medium           498243, 507165
