Ubuntu Security Notice 635-1 - Many xine-lib arbitrary code execution vulnerabilities have been addressed in Ubuntu.
99d390c6edf6c39134bcdba1921abab340fd7b8da4de5350fcc4a3b2f854f9bfMandriva Linux Security Advisory - Multiple heap-based buffer overflow vulnerabilities along with various array index flaws allow for arbitrary code execution in mplayer.
f1bcf0cf473fccd78e6b2308c1d9435a3aa262e40d0aead2dc19974921211ce7Gentoo Linux Security Advisory GLSA 200801-12 - Luigi Auriemma reported that xine-lib does not properly check boundaries when processing SDP attributes of RTSP streams, leading to heap-based buffer overflows. Versions less than 1.1.9.1 are affected.
ff977b76bbb0bdb47718d75eee18d9ff51d49e812da39a5fb8750ae7181746f2Mandriva Linux Security Advisory - Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225.
2df0ed3c500330133a8e4a0ab61ec8de41ad5a746274fc8172fef51a13274af3Debian Security Advisory 1472-1 - Luigi Auriemma discovered that the Xine media player library performed insufficient input sanitising during the handling of RTSP streams, which could lead to the execution of arbitrary code.
7d69ef693573f2c21a0b5e5d44d1a8fa756dacb2e9032aca9ed12b87805533c1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed