1
Candidate: CVE-2008-5247
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5247
5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498243
6
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508715
8
The real_parse_audio_specific_data function in demux_real.c in xine-lib
9
1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height
10
(aka codec_data_length) value as a divisor, which allow remote attackers to
11
cause a denial of service (divide-by-zero error and crash) via a zero
15
mdeslaur> Debian says it doesn't look like a security issue, just a crash
16
mdeslaur> ignoring for now...
23
upstream: http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=c7bd49725972;style=gitweb
25
dapper_xine-lib: ignored
26
gutsy_xine-lib: ignored
27
hardy_xine-lib: ignored
28
intrepid_xine-lib: ignored
29
devel_xine-lib: ignored