CVE-2008-0486

Summary

CVE	CVE-2008-0486
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-02-05 12:00:00 UTC
Updated	2018-10-15 22:00:00 UTC
Description	Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.

Risk And Classification

Problem Types: CWE-189

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mplayer	Mplayer	1.02rc2	All	All	All
Application	Mplayer	Mplayer	1.02rc2	All	All	All
Application	Xine	Xine-lib	1.1.10	All	All	All
Application	Xine	Xine-lib	1.1.10	All	All	All

References

Reference	Source	Link	Tags
MPlayer Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Gentoo update for mplayer - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
SecurityReason - MPlayer 1.0rc2 buffer overflow vulnerability	SREASON	securityreason.com
Webmail - OVH	VUPEN	www.vupen.com
[SECURITY] Fedora 7 Update: xine-lib-1.1.10.1-1.fc7	FEDORA	www.redhat.com
USN-635-1: xine-lib vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
Mandriva update for mplayer - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
SUSE Update for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Fedora update for xine-lib - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Debian -- Security Information -- DSA-1536-1 libxine	DEBIAN	www.debian.org
Gentoo update for xine-lib - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
MPlayer: Multiple buffer overflows — Gentoo Linux Documentation	GENTOO	security.gentoo.org
Gentoo Bug 209106 - media-libs/xine-lib <1.1.10.1 execution of arbitrary code (CVE-2008-0486)	CONFIRM	bugs.gentoo.org
MPlayer 'demux_audio.c' Remote Stack Based Buffer Overflow Vulnerability	BID	www.securityfocus.com
xine-lib: User-assisted execution of arbitrary code — Gentoo Linux Documentation	GENTOO	security.gentoo.org
[SECURITY] Fedora 8 Update: xine-lib-1.1.10.1-1.fc8	FEDORA	www.redhat.com
SourceForge.net: Files	CONFIRM	sourceforge.net
SecurityFocus	BUGTRAQ	www.securityfocus.com
[Full-disclosure] [USN-575-1] Apache vulnerabilities	FULLDISC	lists.grok.org.uk
Bug 431541 – CVE-2008-0486 xine-lib / mplayer: array indexing vulnerability in FLAC parsing code	CONFIRM	bugzilla.redhat.com
Webmail - OVH	VUPEN	www.vupen.com
Debian update for mplayer - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Ubuntu update for xine-lib - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
[security-announce] SUSE Security Summary Report SUSE-SR:2008:006	SUSE	lists.opensuse.org
Debian -- Security Information -- DSA-1496-1 mplayer	DEBIAN	www.debian.org
MPlayer - The Movie Player	CONFIRM	www.mplayerhq.hu
Support / Security / Advisories / / MDVSA-2008:045 \| Mandriva	MANDRIVA	www.mandriva.com
Debian update for xine-lib - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Support / Security / Advisories / / MDVSA-2008:046 \| Mandriva	MANDRIVA	www.mandriva.com
bugs.xine-project.org/show_bug.cgi	CONFIRM	bugs.xine-project.org
Core Security Technologies	MISC	www.coresecurity.com	Exploit
Mandriva update for xine-lib - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
xine-lib Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.