2008-11-26 02:30:00 2018-10-11 22:54:38

The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL
Xine Xine-lib 1 beta6 (not an official CPE) Xine Xine-lib 1 beta5 (not an official CPE) Xine Xine-lib 1 beta4 (not an official CPE) Xine Xine-lib 1 beta3 (not an official CPE) Xine Xine-lib 1 beta2 (not an official CPE) Xine Xine-lib 1 beta1 (not an official CPE) Xine Xine-lib 1.1.15 (not an official CPE) Xine Xine-lib 1.1.14 (not an official CPE) Xine Xine-lib 1.1.13 (not an official CPE) Xine Xine-lib 1.1.12 (not an official CPE) Xine Xine-lib 1.1.11.1 (not an official CPE) Xine Xine-lib 1.1.11 (not an official CPE) Xine Xine-lib 1.1.10.1 (not an official CPE) Xine Xine-lib 1.1.10 (not an official CPE) Xine Xine-lib 1.1.9.1 (not an official CPE) Xine Xine-lib 1.1.9 (not an official CPE) Xine Xine-lib 1.1.8 (not an official CPE) Xine Xine-lib 1.1.7 (not an official CPE) Xine Xine-lib 1.1.6 (not an official CPE) Xine Xine-lib 1.1.5 (not an official CPE) Xine Xine-lib 1.1.4 (not an official CPE) Xine Xine-lib 1.1.3 (not an official CPE) Xine Xine-lib 1.1.2 (not an official CPE) Xine Xine-lib 1.1.1 (not an official CPE) Xine Xine-lib 1.1.0 (not an official CPE) Xine Xine-lib 1.0.3a (not an official CPE) Xine Xine-lib 1.0.2 (not an official CPE) Xine Xine-lib 1.0.1 (not an official CPE) Xine Xine-lib 1.0 (not an official CPE) Xine Xine-lib 1 Rc8 (not an official CPE) Xine Xine-lib 1 Rc7 (not an official CPE) Xine Xine-lib 1 Rc6a (not an official CPE) Xine Xine-lib 1 Rc5 (not an official CPE) Xine Xine-lib 1 Rc4a (not an official CPE) Xine Xine-lib 1 Rc4 (not an official CPE) Xine Xine-lib 1 Rc3c (not an official CPE) Xine Xine-lib 1 Rc3b (not an official CPE) Xine Xine-lib 1 Rc3a (not an official CPE) Xine Xine-lib 1 Rc3 (not an official CPE) Xine Xine-lib 1 Rc2 (not an official CPE) Xine Xine-lib 1 Rc1 (not an official CPE) Xine Xine-lib 1 Rc0a (not an official CPE) Xine Xine-lib 0.9.13 (not an official CPE) Xine Xine-lib 1 beta7 (not an official CPE) Xine Xine-lib 1 beta8 (not an official CPE) Xine Xine-lib 1 beta9 (not an official CPE) Xine Xine-lib 1 beta10 (not an official CPE) Xine Xine-lib 1 beta11 (not an official CPE) Xine Xine-lib 1 beta12 (not an official CPE)