xine-lib: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory
GLSA 200801-12 / xine-lib
January 27, 2008
January 27, 2008: 01
All supported architectures
xine-lib is vulnerable to multiple heap-based buffer overflows when
processing RTSP streams.
xine-lib is the core library package for the xine media player.
Luigi Auriemma reported that xine-lib does not properly check
boundaries when processing SDP attributes of RTSP streams, leading to
heap-based buffer overflows.
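The missing check described above, shown as an added illustration; this is not code from xine-lib or from the advisory. The helper name `sdp_attr_copy`, the `control` attribute used in the sample calls, and the buffer sizes are assumptions chosen for the example.

```c
#include <stddef.h>
#include <string.h>

/* Illustrative helper (hypothetical name, not from xine-lib): copy the value
 * of the SDP attribute line "a=<name>:<value>" into dst, a buffer of dst_len
 * bytes. Returns the value length, or -1 if the line is not that attribute
 * or the value does not fit. The value length is controlled by the remote
 * stream, so it is checked against the destination size before any copy. */
long sdp_attr_copy(const char *line, const char *name,
                   char *dst, size_t dst_len)
{
    size_t name_len, val_len;
    const char *val;

    if (line == NULL || name == NULL || dst == NULL || dst_len == 0)
        return -1;
    if (strncmp(line, "a=", 2) != 0)
        return -1;

    name_len = strlen(name);
    if (strncmp(line + 2, name, name_len) != 0 || line[2 + name_len] != ':')
        return -1;

    val = line + 2 + name_len + 1;
    val_len = strcspn(val, "\r\n");   /* value ends at the line break */

    /* Reject instead of truncating; one byte is reserved for the NUL.
     * Copying val_len bytes without this comparison is the unchecked
     * pattern that overruns a fixed-size heap buffer. */
    if (val_len >= dst_len)
        return -1;

    memcpy(dst, val, val_len);
    dst[val_len] = '\0';
    return (long)val_len;
}
```

A caller treats `-1` as a malformed stream description and stops processing it instead of continuing with a partial value.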
An attacker could entice a user to play specially crafted RTSP video
streams with a player using xine-lib, potentially resulting in the
execution of arbitrary code with the privileges of the user running the
There is no known workaround at this time.
All xine-lib users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/xine-lib-220.127.116.11"