xine-lib: User-assisted execution of arbitrary code

Security Team Contact Address

Updated August 06, 2008

1. Gentoo Linux Security Advisory

Advisory Reference	GLSA 200808-01 / xine-lib
Release Date	August 06, 2008
Latest Revision	August 06, 2008: 01
Impact	normal
Exploitable	remote

Package	Vulnerable versions	Unaffected versions	Architecture(s)
media-libs/xine-lib	< 1.1.13	>= 1.1.13	All supported architectures

Related bugreports: #213039, #214270, #218059

Synopsis

xine-lib is vulnerable to multiple buffer overflows when processing media streams.

2. Impact Information

Background

xine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine.

Description

Multiple vulnerabilities have been discovered in xine-lib:

Alin Rad Pop of Secunia reported an array indexing vulnerability in the sdpplin_parse() function in the file input/libreal/sdpplin.c when processing streams from RTSP servers that contain a large "streamid" SDP parameter (CVE-2008-0073).
Luigi Auriemma reported multiple integer overflows that result in heap-based buffer overflows when processing ".FLV", ".MOV" ".RM", ".MVE", ".MKV", and ".CAK" files (CVE-2008-1482).
Guido Landi reported a stack-based buffer overflow in the demux_nsf_send_chunk() function when handling titles within NES Music (.NSF) files (CVE-2008-1878).

Impact

A remote attacker could entice a user to play a specially crafted video file or stream with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player.

3. Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All xine-lib users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.13"

4. References