USN-746-1 -- xine-lib vulnerability
ID: oval:org.secpod.oval:def:700362 | Date: (C)2011-05-13 (M)2021-09-11 |
Class: PATCH | Family: unix |
It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program.

USN-710-1 provided updated xine-lib packages to fix multiple security vulnerabilities. The security patch to fix CVE-2008-5239 introduced a regression causing some media files to be unplayable. This update corrects the problem. We apologize for the inconvenience.

Original advisory details: It was discovered that the input handlers in xine-lib did not correctly handle certain error codes, resulting in out-of-bounds reads and heap-based buffer overflows. If a user or automated system were tricked into opening a specially crafted file, stream, or URL, an attacker could execute arbitrary code as the user invoking the program.
Platform: |
Ubuntu 7.10 |
Ubuntu 8.04 |
Ubuntu 6.06 |
Ubuntu 8.10 |