LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

xine-lib: integer overflow

Package(s):xine-lib CVE #(s):CVE-2009-1274
Created:April 9, 2009 Updated:June 1, 2010
Description: From the National Vulnerability Database entry: Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.
Alerts:
Gentoo 201006-04 2010-06-01
Mandriva MDVSA-2009:319 2009-12-05
Mandriva MDVSA-2009:298 2009-11-13
SuSE SUSE-SR:2009:011 2009-06-09
Mandriva MDVSA-2009:299 2009-11-13
Ubuntu USN-763-1 2009-04-20
Fedora FEDORA-2009-3433 2009-04-09
Fedora FEDORA-2009-3428 2009-04-09
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds