|
|
Subscribe / Log in / New account

xine-lib: multiple integer overflows

Package(s):xine CVE #(s):CVE-2008-1482
Created:April 1, 2008 Updated:September 10, 2008
Description: Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
Alerts:
Fedora FEDORA-2008-7572 xine-lib 2008-09-05
Ubuntu USN-635-1 xine-lib 2008-08-06
Gentoo 200808-01 xine-lib 2008-08-06
Mandriva MDVSA-2008:178 xine-lib 2008-08-20
Debian DSA-1586-1 xine-lib 2008-05-22
Fedora FEDORA-2008-2849 xine-lib 2008-04-08
Fedora FEDORA-2008-2945 xine-lib 2008-04-08
SuSE SUSE-SR:2008:008 wireshark, otrs, xine, xgl, silc-toolkit, lighttpd, tk 2008-04-04
Slackware SSA:2008-092-01 xine 2008-03-31
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds