CVE-2009-1274 | SynScan

Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2009-1274

Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.

Published: Apr 8, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1274
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
xine / xine-lib	1.1.10	1.1.10.x
xine / xine-lib	1.1.10.1	1.1.10.1.x
xine / xine-lib	1.1.11	1.1.11.x
xine / xine-lib	1.1.0	1.1.0.x
xine / xine-lib	1.1.12	1.1.12.x
xine / xine-lib	1.1.13	1.1.13.x
xine / xine-lib	1.1.11.1	1.1.11.1.x
xine / xine-lib	1.1.16.1	1.1.16.1.x
xine / xine-lib	1.1.16.2	1.1.16.2.x
xine / xine-lib	1.1.15	1.1.15.x
xine / xine-lib	1.1.14	1.1.14.x
xine / xine-lib	1.1.1	1.1.1.x