Unrated severityNVD Advisory· Published Mar 24, 2008· Updated Apr 23, 2026
CVE-2008-1482
CVE-2008-1482
Description
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
24- aluigi.altervista.org/adv/xinehof-adv.txtnvdExploit
- aluigi.org/poc/xinehof.zipnvdExploit
- www.securityfocus.com/bid/28370nvdExploit
- lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.htmlnvd
- secunia.com/advisories/29484nvd
- secunia.com/advisories/29600nvd
- secunia.com/advisories/29622nvd
- secunia.com/advisories/29740nvd
- secunia.com/advisories/29756nvd
- secunia.com/advisories/30337nvd
- secunia.com/advisories/31372nvd
- secunia.com/advisories/31393nvd
- security.gentoo.org/glsa/glsa-200808-01.xmlnvd
- securityreason.com/securityalert/3769nvd
- slackware.com/security/viewer.phpnvd
- www.debian.org/security/2008/dsa-1586nvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/archive/1/489894/100/0/threadednvd
- www.ubuntu.com/usn/usn-635-1nvd
- www.vupen.com/english/advisories/2008/0981/referencesnvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/41350nvd
- www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.htmlnvd
News mentions
0No linked articles in our index yet.