CVE-2008-5259 : Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versio

Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versions, allows remote attackers to execute arbitrary code via a DivX file containing a crafted Stream Format (STRF) chunk, which triggers a heap-based buffer overflow.

Published 2009-04-16 15:12:57

Updated 2025-04-09 00:30:58

Source Flexera Software LLC

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2008-5259

Divx » Divx Web Player
Versions up to, including, (<=) 1.4.2.7
cpe:2.3:a:divx:divx_web_player:*:*:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.3.0
cpe:2.3:a:divx:divx_web_player:1.3.0:*:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.1
cpe:2.3:a:divx:divx_web_player:1.1:*:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.2
cpe:2.3:a:divx:divx_web_player:1.2:*:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.0.2
cpe:2.3:a:divx:divx_web_player:1.0.2:*:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.0.1
cpe:2.3:a:divx:divx_web_player:1.0.1:*:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.4.1 Update Beta1
cpe:2.3:a:divx:divx_web_player:1.4.1:beta1:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.4.0 Update Beta2
cpe:2.3:a:divx:divx_web_player:1.4.0:beta2:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.2.0
cpe:2.3:a:divx:divx_web_player:1.2.0:*:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.1.0
cpe:2.3:a:divx:divx_web_player:1.1.0:*:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.4.2 Update Beta2
cpe:2.3:a:divx:divx_web_player:1.4.2:beta2:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.3.1
cpe:2.3:a:divx:divx_web_player:1.3.1:*:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.3
cpe:2.3:a:divx:divx_web_player:1.3:*:*:*:*:*:*:*
Matching versions
Divx » Divx Web Player » Version: 1.4
cpe:2.3:a:divx:divx_web_player:1.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-5259

EPSS FAQ

5.30%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-5259

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-5259

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-5259

http://secunia.com/secunia_research/2008-57/

Vendor Advisory
http://www.securityfocus.com/archive/1/502701/100/0/threaded
http://secunia.com/advisories/33196

Vendor Advisory
http://www.vupen.com/english/advisories/2009/1044

Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49908
http://www.securityfocus.com/bid/34523
http://www.securitytracker.com/id?1022061

Jump to

Vulnerability Details : CVE-2008-5259

Products affected by CVE-2008-5259

Exploit prediction scoring system (EPSS) score for CVE-2008-5259

CVSS scores for CVE-2008-5259

CWE ids for CVE-2008-5259

References for CVE-2008-5259