Navigation Bar Top Applications Support Documentation Vendors Search Index Top Top

libxine -- multiple vulnerabilities in VideoCD handling

Description:

A xine security announcement states:

Several string overflows on the stack have been fixed in xine-lib, some of them can be used for remote buffer overflow exploits leading to the execution of arbitrary code with the permissions of the user running a xine-lib based media application.

Stack-based string overflows have been found:

  1. in the code which handles VideoCD MRLs
  2. in VideoCD code reading the disc label
  3. in the code which parses text subtitles and prepares them for display

References:

Affects:

portaudit: libxine -- multiple vulnerabilities in VideoCD handling

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.


Oliver Eikemeier <eik@FreeBSD.org>