xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2008-11-25 17:30
Updated : 2018-10-11 13:54
NVD link : CVE-2008-5233
Mitre link : CVE-2008-5233
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
xine
- xine-lib