libxine -- buffer overflow vulnerability

2006-05-31T00:00:00
ID 107E2EE5-F941-11DA-B1FA-020039488E34
Type freebsd
Reporter FreeBSD
Modified 2006-05-31T00:00:00

Description

A Secunia Advisory reports:

Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system. The weakness is cause due to a heap corruption within the "xineplug_inp_http.so" plugin when handling an overly large reply from the HTTP server. This can be exploited to crash an application that uses the plugin (e.g. gxine).