mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 09:41:05 +00:00
20 lines
1.1 KiB
Markdown
20 lines
1.1 KiB
Markdown
|
### [CVE-2008-1482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- http://aluigi.altervista.org/adv/xinehof-adv.txt
|
||
|
|
- http://aluigi.org/poc/xinehof.zip
|
||
|
|
- http://securityreason.com/securityalert/3769
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
No PoCs found on GitHub currently.
|
||
|
|
|