[ MDVSA-2009:298 ] xine-lib

Kirjoittaja **dude67** » 14 Marras 2009, 10:59

_______________________________________________________________________

Package : xine-lib
Date : November 13, 2009
Affected: Corporate 3.0
_______________________________________________________________________

Problem Description:

Vulnerabilities have been discovered and corrected in xine-lib:

- xine-lib before 1.1.15 allows remote attackers to cause a denial
of service (crash) via mp3 files with metadata consisting only of
separators (CVE-2008-5248)

- Integer overflow in the qt_error parse_trak_atom function in
demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote
attackers to execute arbitrary code via a Quicktime movie file with a
large count value in an STTS atom, which triggers a heap-based buffer
overflow (CVE-2009-1274)

- Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c)
in xine-lib 1.1.16.1 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a 4X movie
file with a large current_track value, a similar issue to CVE-2009-0385
(CVE-2009-0698)

This update fixes these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-5248
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1274
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0698
_______________________________________________________________________

[ MDVSA-2009:298 ] xine-lib

[ MDVSA-2009:298 ] xine-lib

Paikallaolijat