Xine-lib Multiple Vulnerabilities (Aug-08) Network Vulnerability

Summary

The host has xine-lib installed, which prone to multiple vulnerabilities.

Impact

Remote exploitation could allow execution of arbitrary code to cause head-based buffer overflow via a specially crafted RealAudio or Matroska file. Impact Level : Application/System

Solution

Update to version 1.1.16.1 or later, For updates refer to http://www.linuxfromscratch.org/blfs/view/svn/multimedia/xine-lib.html

Insight

The flaws are due to overflow errors that exist in open_ra_file() in demux_realaudio.c, parse_block_group() in demux_matroska.c, and eal_parse_audio_specific_data() in demux_real.c methods.

Affected

xine-lib versions 1.1.15 and prior on Linux (All).

References

http://secunia.com/advisories/31567/
http://www.ocert.org/analysis/2008-008/analysis.txt

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Microsoft Internet Explorer Buffer Overflow Vulnerability - Jul09
Ziproxy PNG Image Processing Buffer Overflow Vulnerability
VLC Media Player USF and Text Subtitles Decoders BOF Vulnerabilities (Windows)
Gabset Media Player Classic Integer Overflow Vulnerability
ZoneAlarm Internet Security Suite Buffer Overflow Vulnerability

xine-lib Multiple Vulnerabilities (Aug-08)

Take action and discover your vulnerabilities