libxine -- several vulnerabilities

2008-03-31T00:00:00
ID DSA-1536
Type debian
Reporter Debian
Modified 2008-03-31T00:00:00

Description

Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems:

The DMO_VideoDecoder_Open function does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code (applies to sarge only).

Array index error in the sdpplin_parse function allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

Array index vulnerability in libmpdemux/demux_audio.c might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow (applies to etch only).

Buffer overflow in the Matroska demuxer allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.

For the old stable distribution (sarge), these problems have been fixed in version 1.0.1-1sarge7.

For the stable distribution (etch), these problems have been fixed in version 1.1.2+dfsg-6.

For the unstable distribution (sid), these problems have been fixed in version 1.1.11-1.

We recommend that you upgrade your xine-lib package.