Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://trapkit.de/advisories/TKADV2009-004.txt
http://trapkit.de/advisories/TKADV2009-005.txt
http://sourceforge.net/project/shownotes.php?release_id=660071 http://www.vuxml.org/freebsd/48e14d86-42f1-11de-ad22-000e35248ad7.html
Insight
The following package is affected: libxine
CVE-2009-0385
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.
CVE-2009-1274
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.
Severity
Classification
-
CVE CVE-2009-0385, CVE-2009-1274 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities