LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

xine-lib: multiple vulnerabilities

Package(s):xine-lib CVE #(s):CVE-2008-5233 CVE-2008-5241 CVE-2008-5245 CVE-2008-5246
Created:January 22, 2009 Updated:June 1, 2010
Description: xine-lib has multiple vulnerabilities. From the Mandriva alert:

Failure on manipulation of either MNG or Real or MOD files can lead remote attackers to cause a denial of service by using crafted files (CVE: CVE-2008-5233).

Integer underflow allows remote attackers to cause denial of service by using Quicktime media files (CVE-2008-5241).

Vulnerabilities of unknown impact - possibly buffer overflow - caused by a condition of video frame preallocation before ascertaining the required length in V4L video input plugin (CVE-2008-5245).

Heap-based overflow allows remote attackers to execute arbitrary code by using crafted media files. This vulnerability is in the manipulation of ID3 audio file data tagging mainly used in MP3 file formats (CVE-2008-5246).

Alerts:
Gentoo 201006-04 2010-06-01
Mandriva MDVSA-2009:319 2009-12-05
SuSE SUSE-SR:2009:004 2009-02-17
Mandriva MDVSA-2009:020 2009-01-21
Ubuntu USN-710-1 2009-01-26
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds