Joined: 12 May 2004
|Posted: Tue Apr 26, 2005 9:04 pm Post subject: [ GLSA 200504-27 ] xine-lib: Two heap overflow vulnerabiliti
|Gentoo Linux Security Advisory
Title: xine-lib: Two heap overflow vulnerabilities (GLSA 200504-27)
Date: April 26, 2005
Two vulnerabilities have been found in xine-lib which could lead to the
remote execution of arbitrary code.
xine-lib is a multimedia library which can be utilized to create
Vulnerable: < 1.0-r2
Unaffected: >= 1.0-r2
Unaffected: >= 1_rc6-r2 < 12
Architectures: All supported architectures
Heap overflows have been found in the code handling RealMedia RTSP
and Microsoft Media Services streams over TCP (MMST).
By setting up a malicious server and enticing a user to use its
streaming data, a remote attacker could possibly execute arbitrary code
on the client computer with the permissions of the user running any
multimedia frontend making use of the xine-lib library.
There is no known workaround at this time.
All xine-lib users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose media-libs/xine-lib
Xine Advisory XSA-2004-8
Last edited by GLSA on Sat Nov 24, 2012 4:19 am; edited 3 times in total