Upstream information
Description
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
NVD | |
---|---|
Base Score | 4.3 |
Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SR:2009:004, published Tue, 17 Feb 2009 10:00:00 +0000
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 06:38:33 2013CVE page last modified: Mon Sep 9 17:04:34 2024