xine-lib MPEG buffer overflow
xinelib-mpeg-bo (25670)
Description:
xine is vulnerable to a buffer overflow caused by improper handling of MPEG files. By creating a malicious MPEG file, a remote attacker could overflow a buffer and execute arbitrary code on a victim's system, once the victim opens the malicious file. An attacker could exploit this vulnerability by hosting the malicious file on a Web site or sending it to a victim as an email attachment.
Consequences:
Gain Access
Remedy:
For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 200604-16 for patch, upgrade, or suggested workaround information. See References.
References:
- xine Web site: xine - A Free Video Player.
- BID-17370: Xine-Lib Malformed MPEG Stream Buffer Overflow Vulnerability
- CVE-2006-1664: Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
- GLSA-200604-16: xine-lib: Buffer overflow vulnerability
- GLSA-200802-12: xine-lib: User-assisted execution of arbitrary code
- SA19853: xine-lib MPEG Stream Handling Buffer Overflow Vulnerability
- SECTRACK ID: 1015868: xinelib Buffer Overflow in Processing MPEG Files Let Remote Users Execute Arbitrary Code
Platforms Affected:
- Gentoo Linux
- Xine xine 1.14
Reported:
Apr 05, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
