Gentoo Logo

xine-lib: Heap-based buffer overflow

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200704-09 / xine-lib
Release Date April 14, 2007
Latest Revision April 14, 2007: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
media-libs/xine-lib < 1.1.4-r2 >= 1.1.4-r2 Intel compatible

Related bugreports: #170208

Synopsis

xine-lib is vulnerable to a heap-based buffer overflow.

2.  Impact Information

Background

xine-lib is the core library package for the xine media player.

Description

xine-lib does not check boundaries on data being read into buffers from DMO video files in code that is shared with MPlayer (DMO_VideoDecoder.c).

Impact

An attacker could entice a user to play a specially crafted DMO video file with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All xine-lib users on the x86 platform should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.4-r2"

4.  References

Print

Page updated April 14, 2007

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.