ISS X-Force Database: xine-dvd-subpicture-bo(17423): xine-lib DVD subpicture decoder buffer overflow

xine-lib DVD subpicture decoder buffer overflow

xine-dvd-subpicture-bo (17423)

High Risk

Description:

xine is vulnerable to a heap-based buffer overflow, caused by improper bounds checking of user-supplied input in the DVD subpicture decoder. By sending a specially-crafted MPEG file with a subpicture and overlapping fields, a remote attacker could overflow a buffer and execute arbitrary code on the system with privileges of the user, once the file is processed by xine-lib.

Platforms Affected:

Debian, Debian Linux 3.0
Gentoo, Linux
MandrakeSoft, Mandrake Linux 10.0
MandrakeSoft, Mandrake Linux 10.0 AMD64
Slackware, Slackware Linux 10.0
Slackware, Slackware Linux current
Xine, xine-lib 0.5 to 0.5.2
Xine, xine-lib 0.9 releases
Xine, xine-lib 1-alpha releases
Xine, xine-lib 1-beta releases
Xine, xine-lib 1-rc - 1-rc5 release

Remedy:

Upgrade to the latest version of xine-lib (1-rc6a or later), available from the xine-Project Download Web page. See References.

— OR —

Apply the patch for this vulnerability, available from the SourceForge.net CVS Repository Web page. See References.

For Slackware Linux:
Upgrade to the latest xine-lib package, as listed below. Refer to slackware-security Mailing List, Wed, 22 Sep 2004 13:39:28 -0700 (PDT) for more information. See References.

Slackware Linux 10 and -current: 1rc6a-i686-1 or later

For Gentoo Linux:
Upgrade to the latest version of xine-lib (1_rc6 or later), as listed in Gentoo Linux Security Advisory GLSA 200409-30. See References.

For Debian GNU/Linux 3.0(woody):
Upgrade to the latest version of xine (0.9.8-2woody2 or later), as listed in DSA-657-1. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

BugTraq Mailing List, Mon Sep 06 2004 - 14:38:29 CDT , XSA-2004-5: heap overflow in DVD subpicture decoder at http://archives.neohapsis.com/archives/bugtraq/2004-09/0195.html.
slackware-security Mailing List, Wed, 22 Sep 2004 13:39:28 -0700 (PDT), [slackware-security] xine-lib (SSA:2004-266-04) at http://slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.320308.
xine Web site, xine - A Free Video Player at http://xinehq.de/.
xine-Project Download Web page, Download and install xine-lib at http://xinehq.de/index.php/releases.
BID-11205: Xine-lib DVD Subpicture Decoder Heap Overflow Vulnerability
CVE-2004-1379: Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.
DSA-657: xine-lib -- buffer overflow
GLSA-200409-30: xine-lib: Multiple vulnerabilities
MDKSA-2004:105: Updated xine-lib packages fix multiple vulnerabilities

Reported:

Sep 06, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page