Vulnerability Description
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mplayer | Mplayer | 1.02rc2 |
| Xine | Xine-Lib | 1.1.10 |
References
- http://bugs.gentoo.org/show_bug.cgi?id=209106
- http://bugs.xine-project.org/show_bug.cgi?id=38
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
- http://secunia.com/advisories/28779 (Vendor Advisory)
- http://secunia.com/advisories/28801 (Vendor Advisory)
- http://secunia.com/advisories/28918 (Vendor Advisory)
- http://secunia.com/advisories/28955 (Vendor Advisory)
- http://secunia.com/advisories/28956 (Vendor Advisory)
- http://secunia.com/advisories/28989 (Vendor Advisory)
- http://secunia.com/advisories/29141 (Vendor Advisory)
- http://secunia.com/advisories/29307 (Vendor Advisory)
- http://secunia.com/advisories/29323 (Vendor Advisory)
- http://secunia.com/advisories/29601 (Vendor Advisory)
- http://secunia.com/advisories/31393
FAQ
What is CVE-2008-0486?
CVE-2008-0486 is a vulnerability with a CVSS score of 7.5 (HIGH). Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitr...
How severe is CVE-2008-0486?
CVE-2008-0486 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-0486?
Check the references section above for vendor advisories and patch information. Affected products include: Mplayer Mplayer, Xine Xine-Lib.