Launchpad CVE tracker

CVE 2008-5243

The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.

Related bugs and status

CVE-2008-5243 (Candidate) is related to these bugs:

Bug #290768: C format string specifications mismatch in translations crashes libxine based apps in some loales

		In	Importance	Status
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	xine-lib (Ubuntu)	High	Fix Released
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	langpack-o-matic	Undecided	Fix Released
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	xine-lib (Ubuntu Intrepid)	Undecided	Fix Released
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	language-pack-gnome-it-base (Ubuntu)	Undecided	Fix Released
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	language-pack-gnome-it-base (Ubuntu Intrepid)	Undecided	Fix Released
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	language-pack-gnome-de-base (Ubuntu)	Undecided	Fix Released
290768	C format string specifications mismatch in translations crashes libxine based apps in some loales	language-pack-gnome-de-base (Ubuntu Intrepid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-5243

References