VDB
CVE-2008-1878
CVE-2008-1878
PUBLISHED
CVSS 7.5 HIGH
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
EPSS 7.93% · 92.2th percentile
Risk Scores
CVSS v2.0
7.5
EPSS Score
7.93%
92.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| xine | xine-lib | 0, 1.1.1, 1.1.9 |
| n/a | n/a | n/a |
Timeline
- Apr 16, 2008 PoC Published
- Apr 17, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- FEDORA-2008-3326 vendor-advisory
- GLSA-200808-01 vendor-advisory
- FEDORA-2008-3353 vendor-advisory
- ADV-2008-1247 vdb
- DSA-1586 vendor-advisory
- 30021 third-party-advisory
- 29850 third-party-advisory
- MDVSA-2008:177 vendor-advisory
- 5458 exploit
- SUSE-SR:2008:012 vendor-advisory
- xinelib-demuxnsfsendchunk-bo(41865) vdb
- 31393 third-party-advisory
- MDVSA-2008:178 vendor-advisory
- 28816 vdb
- 31372 third-party-advisory
- USN-635-1 vendor-advisory
- 30337 third-party-advisory
- 30581 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-1878 advisory