Xine-lib Multiple Vulnerabilities (Aug-08) Network Vulnerability

Summary

The host has xine-lib installed, which prone to multiple vulnerabilities.

Impact

Remote exploitation could allow execution of arbitrary code to cause head-based buffer overflow via a specially crafted RealAudio or Matroska file. Impact Level : Application/System

Solution

Update to version 1.1.16.1 or later, For updates refer to http://www.linuxfromscratch.org/blfs/view/svn/multimedia/xine-lib.html

Insight

The flaws are due to overflow errors that exist in open_ra_file() in demux_realaudio.c, parse_block_group() in demux_matroska.c, and eal_parse_audio_specific_data() in demux_real.c methods.

Affected

xine-lib versions 1.1.15 and prior on Linux (All).

References

http://secunia.com/advisories/31567/
http://www.ocert.org/analysis/2008-008/analysis.txt

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Tcptrack Command Line Parsing Heap Based Buffer Overflow Vulnerability
Freefloat FTP Server Buffer Overflow Vulnerability
IpTools Tiny TCP/IP Servers Remote Buffer Overflow Vulnerability
SquidGuard Multiple Buffer Overflow Vulnerabilities
ImageMagick Integer Overflow Vulnerability - 02 June13 (Windows)

xine-lib Multiple Vulnerabilities (Aug-08)

Take action and discover your vulnerabilities