Vulnerability Details : CVE-2008-0486
Potential exploit
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2008-0486
- cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*
- cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0486
- EPSS score: 4.57% (probability of exploitation activity in the next 30 days)
- Percentile: ~88% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-0486
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2008-0486
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0486
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
  [security-announce] SUSE Security Summary Report SUSE-SR:2008:006 - openSUSE Security Announce - openSUSE Mailing Lists
- http://www.debian.org/security/2008/dsa-1496
  [SECURITY] [DSA 1496-1] New mplayer packages fix arbitrary code execution
- http://secunia.com/advisories/28956
  About Secunia Research | Flexera [Vendor Advisory]
- http://secunia.com/advisories/29323
  About Secunia Research | Flexera [Vendor Advisory]
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:045
  Mandriva
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html
  [SECURITY] Fedora 7 Update: xine-lib-1.1.10.1-1.fc7
- http://www.vupen.com/english/advisories/2008/0406/references
  Site under construction
- http://www.coresecurity.com/?action=item&id=2103
  Core Security | Cyber Threat Prevention & Identity Governance [Exploit]
- http://bugs.xine-project.org/show_bug.cgi?id=38
- http://www.debian.org/security/2008/dsa-1536
  [SECURITY] [DSA 1536-1] New libxine packages fix several vulnerabilities
- http://security.gentoo.org/glsa/glsa-200802-12.xml
  xine-lib: User-assisted execution of arbitrary code (GLSA 200802-12) — Gentoo security
- http://secunia.com/advisories/28918
  About Secunia Research | Flexera [Vendor Advisory]
- http://www.vupen.com/english/advisories/2008/0421
  Site under construction
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html
  [Full-Disclosure] Mailing List Charter
- http://www.securityfocus.com/archive/1/487501/100/0/threaded
- http://www.ubuntu.com/usn/usn-635-1
  USN-635-1: xine-lib vulnerabilities | Ubuntu security notices | Ubuntu
- http://secunia.com/advisories/29601
  About Secunia Research | Flexera [Vendor Advisory]
- http://security.gentoo.org/glsa/glsa-200803-16.xml
  MPlayer: Multiple buffer overflows (GLSA 200803-16) — Gentoo security
- http://secunia.com/advisories/29307
  About Secunia Research | Flexera [Vendor Advisory]
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html
  [SECURITY] Fedora 8 Update: xine-lib-1.1.10.1-1.fc8
- http://secunia.com/advisories/28955
  About Secunia Research | Flexera [Vendor Advisory]
- http://secunia.com/advisories/28801
  About Secunia Research | Flexera [Vendor Advisory]
- http://secunia.com/advisories/31393
  About Secunia Research | Flexera
- http://secunia.com/advisories/28989
  About Secunia Research | Flexera [Vendor Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=431541
  431541 – (CVE-2008-0486) CVE-2008-0486 xine-lib / mplayer: array indexing vulnerability in FLAC parsing code
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:046
  Mandriva
- http://secunia.com/advisories/29141
  About Secunia Research | Flexera [Vendor Advisory]
- http://secunia.com/advisories/28779
  About Secunia Research | Flexera [Vendor Advisory]
- http://www.mplayerhq.hu/design7/news.html
  MPlayer - The Movie Player
- http://securityreason.com/securityalert/3608
  MPlayer 1.0rc2 buffer overflow vulnerability - CXSecurity.com
- http://www.securityfocus.com/bid/27441
- http://bugs.gentoo.org/show_bug.cgi?id=209106
  209106 – media-libs/xine-lib <1.1.10.1 execution of arbitrary code (CVE-2008-0486)
- http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735
  xine - a free video player download | SourceForge.net