Launchpad CVE tracker

CVE 2008-0486

Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.

Related bugs and status

CVE-2008-0486 (Candidate) is related to these bugs:

Bug #191488: [mplayer] [DSA-1496-1] several buffer overflows

		In	Importance	Status
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Feisty)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Gutsy)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Hardy)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Dapper)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Edgy)	High	Fix Released

Bug #195700: [xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer

		In	Importance	Status
195700	[xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer	xine-lib (Ubuntu)	Undecided	Fix Released
195700	[xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer	xine-lib (Ubuntu Dapper)	High	Fix Released
195700	[xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer	xine-lib (Ubuntu Feisty)	High	Fix Released
195700	[xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer	xine-lib (Ubuntu Gutsy)	High	Fix Released

Bug #210163: [xine-lib] [DSA-1536-1] several vulnerabilities

		In	Importance	Status
210163	[xine-lib] [DSA-1536-1] several vulnerabilities	xine-lib (Ubuntu)	Undecided	Fix Released
210163	[xine-lib] [DSA-1536-1] several vulnerabilities	xine-lib (Debian)	Unknown	Fix Released
210163	[xine-lib] [DSA-1536-1] several vulnerabilities	xine-lib (Ubuntu Dapper)	High	Fix Released
210163	[xine-lib] [DSA-1536-1] several vulnerabilities	xine-lib (Ubuntu Feisty)	High	Fix Released
210163	[xine-lib] [DSA-1536-1] several vulnerabilities	xine-lib (Ubuntu Gutsy)	High	Fix Released

Bug #922668: Sync xine-lib-1.2 1.2.0-5 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	922668	Sync xine-lib-1.2 1.2.0-5 (universe) from Debian unstable (main)		xine-lib-1.2 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-0486

References