CVE-2008-5259

Published Apr 16, 2009

Last updated 10 days ago

CVSS info 9.3

Overview

Description: Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versions, allows remote attackers to execute arbitrary code via a DivX file containing a crafted Stream Format (STRF) chunk, which triggers a heap-based buffer overflow.
Source: PSIRT-CNA@flexerasoftware.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-189

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEDD5616-40BE-476A-894B-3A5EDAB6DCA5",
            "versionEndIncluding": "1.4.2.7"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1DE7B39-B12F-4790-97D5-EEF148DF04BF"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E16BFD0-AE79-48F7-B1BB-49414DE275B1"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3CFFED5-BB17-48D9-B05B-5DFF49BD55C7"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EA47712-6BE0-4122-84BA-EBD19B646669"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EF850E2-24E3-49D1-BB12-19DA5500FF7F"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F87B501B-BB68-4514-AEEE-019BE6C7F6EE"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A8650D8-341F-4E2F-A432-3554F4D8A1D3"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DF6EF2D-C77F-4A27-A7AA-6124DC21EB81"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E826218-C2EC-47DB-9515-80FFBB5404C7"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4762B43B-1D3F-43B3-BADE-BA85FC0F1AA4"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.4.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0928846E-A627-4A17-A0C7-3B267EA3F7C0"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.4.1:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "573D1599-BE5C-426C-90D9-8B3CA697E1D6"
          },
          {
            "criteria": "cpe:2.3:a:divx:divx_web_player:1.4.2:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86B25EFF-734F-4992-B37A-28E4391CA191"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References