Xine-lib Multiple Vulnerabilities (Aug-08) Network Vulnerability

Summary

The host has xine-lib installed, which prone to multiple vulnerabilities.

Impact

Remote exploitation could allow execution of arbitrary code to cause head-based buffer overflow via a specially crafted RealAudio or Matroska file. Impact Level : Application/System

Solution

Update to version 1.1.16.1 or later, For updates refer to http://www.linuxfromscratch.org/blfs/view/svn/multimedia/xine-lib.html

Insight

The flaws are due to overflow errors that exist in open_ra_file() in demux_realaudio.c, parse_block_group() in demux_matroska.c, and eal_parse_audio_specific_data() in demux_real.c methods.

Affected

xine-lib versions 1.1.15 and prior on Linux (All).

References

http://secunia.com/advisories/31567/
http://www.ocert.org/analysis/2008-008/analysis.txt

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AbsoluteFTP 'LIST' Command Remote Buffer Overflow Vulnerability
UnrealIRCd Buffer Overflow Vulnerability
Microsoft Windows Media Player '.mpg' Buffer Overflow Vulnerability
Novell File Reporter 'SRS' Tag Arbitrary File Deletion Vulnerability
IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability

xine-lib Multiple Vulnerabilities (Aug-08)

Take action and discover your vulnerabilities