[Secure-testing-commits] r10652 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Sun Dec 7 15:59:46 UTC 2008


Author: nion
Date: 2008-12-07 15:59:45 +0000 (Sun, 07 Dec 2008)
New Revision: 10652

Modified:
   data/CVE/list
Log:
CVE-2008-5238 fixed in xine-lib 1.1.14-3, some additional comments added

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-12-07 14:39:40 UTC (rev 10651)
+++ data/CVE/list	2008-12-07 15:59:45 UTC (rev 10652)
@@ -275,7 +275,10 @@
 CVE-2008-5239 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not ...)
 	TODO: check
 CVE-2008-5238 (Integer overflow in the real_parse_mdpr function in demux_real.c in ...)
-	TODO: check
+	- xine-lib 1.1.14-3 (low)
+	NOTE: code execution shouldn't work here as if 0xff will be extended to 0xffffffff
+	NOTE: memcpy fails for copying from the complete addressable address space long before any code is executed
+	NOTE: the malloc check for type_specific_data is missing, minor issue filed as #508065
 CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and ...)
 	TODO: check
 CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...)



