| Description: |
From the Ubuntu advisory:
It was discovered that the Matroska, MOD, Real, and Real Audio demuxers in
xine-lib did not correctly handle malformed files, resulting in integer
overflows. If a user or automated system were tricked into opening a specially
crafted Matroska, MOD, Real, or Real Audio file, an attacker could execute
arbitrary code as the user invoking the program. This issue only applied to
Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5238)
It was discovered that the QT demuxer in xine-lib did not correctly handle
an invalid metadata atom size, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2008-5234, CVE-2008-5242)
It was discovered that xine-lib did not correctly handle certain malformed AAC files. If a user or automated system were tricked into opening a specially crafted AAC file, an attacker could could cause xine-lib to crash, creating a denial of service. This issue only applied to Ubuntu 7.10, and 8.04 LTS. (CVE-2008-5244)
It was discovered that xine-lib did not correctly handle MP3 files with metadata
consisting only of separators. If a user or automated system were tricked into
opening a specially crafted MP3 file, an attacker could could cause xine-lib to
crash, creating a denial of service. This issue only applied to Ubuntu 6.06 LTS,
7.10, and 8.04 LTS. (CVE-2008-5248)
|
