CVE-2008-1482

Exp

Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.

Published: 2008-03-24 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2008-1482 is rated High Exploit Risk (80.4/100): CVSS Medium severity, with high exploitation likelihood (EPSS 9.54%, 95th percentile). Core evidence: 4 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +7.51% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2008-1482

EDB-ID Source Kind Published Link
31462 exploit_db edb 2008-03-20 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2008-1482

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 2.02% 9.54% +7.51%
2 2026-01-11 2.12% 2.02% -0.10%
3 2025-05-28 2.12%

Full EPSS history (13 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2008-1482

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
8.6 6.4 [email protected]

Weakness enumeration for CVE-2008-1482

OS Trackers for CVE-2008-1482

vendor priority summary link
gentoo normal CVE-2008-1482: 1 GLSA(s) (200808-01), 1 atom(s) (media-libs/xine-lib); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2008-1482
redhat https://access.redhat.com/security/cve/CVE-2008-1482
ubuntu medium CVE-2008-1482 medium priority: Ubuntu including 1 source packages (xine-lib), 6 status rows across 6 suites (dapper, edgy, feisty, gutsy, hardy, upstream): released 4, ignored 1, not-affected 1. https://ubuntu.com/security/CVE-2008-1482

Affected software / configurations for CVE-2008-1482

Vendor Product Version Raw CPE
xine xine-lib 1.1.11 cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*

References for CVE-2008-1482

URL Tags
http://aluigi.altervista.org/adv/xinehof-adv.txt Exploit
http://aluigi.org/poc/xinehof.zip Exploit
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://secunia.com/advisories/29484
http://secunia.com/advisories/29600
http://secunia.com/advisories/29622
http://secunia.com/advisories/29740
http://secunia.com/advisories/29756
http://secunia.com/advisories/30337
http://secunia.com/advisories/31372
http://secunia.com/advisories/31393
http://security.gentoo.org/glsa/glsa-200808-01.xml
http://securityreason.com/securityalert/3769
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.441137
http://www.debian.org/security/2008/dsa-1586
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
http://www.securityfocus.com/archive/1/489894/100/0/threaded
http://www.securityfocus.com/bid/28370 Exploit
http://www.ubuntu.com/usn/usn-635-1
http://www.vupen.com/english/advisories/2008/0981/references
https://bugzilla.redhat.com/show_bug.cgi?id=438663
https://exchange.xforce.ibmcloud.com/vulnerabilities/41350
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html
cvelogic Threat Intelligence