Gentoo Linux Security Advisory 201006-4 - Multiple vulnerabilities in xine-lib might result in the remote execution of arbitrary code. Multiple vulnerabilities have been reported in xine-lib. Versions less than 1.1.16.3 are affected.
3d573a1bf8635f59a558d880f1824403c79842bfc90c6d34a2e2239ac6a931c0Mandriva Linux Security Advisory 2009-298 - xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via mp3 files with metadata consisting only of separators. Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow. Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385. This update fixes these issues.
5d042dccc94ef37a7d0408f534588f6948d25d09047cfc5837da14932f9f6036Ubuntu Security Notice USN-710-1 - A large amount of xine-lib vulnerabilities have been addressed in a package update. The issues addressed range from denial of service to arbitrary code execution vulnerabilities.
7a57d4c1776774d0d20e16a7e70f2bd1e115b441a773f80d44141450b4576de4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed