xine-lib NSF声音格式解码器demux_nsf.c栈溢出漏洞

BUGTRAQ ID: 28816 xine是一款免费的媒体播放器，支持多种格式。 xine-lib的src/demuxers/demuxnsf.c文件中的demuxnsfsendchunk函数没有正确地处理NSF声音格式： opennsffile: 109: this-title = strdup&header0x0E; demuxnsfsendchunk: 122: char title100; 162: sprintftitle, "%s, song %d/%d", this-title, this-currentsong, this-totalsongs;...

CVE-2008-1878

Stack-based buffer overflow in the demuxnsfsendchunk function in src/demuxers/demuxnsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long NSF title...

CVE-2008-1878

Stack-based buffer overflow in the demuxnsfsendchunk function in src/demuxers/demuxnsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long NSF title...

xinelib-overflow.txt

xine-lib title = strdup&header0x0E; demuxnsfsendchunk: 122: char title100; 162: sprintftitle, "%s, song %d/%d", this-title, this-currentsong, this-totalsongs; - Affected applications http://xinehq.de/index.php/releases - PoC perl -e 'print "\x4E\x45\x53\x4D\x1A\x01\x01\x01\x80\x80\x18\x8A\x03\x8A...

Xine-Lib 1.1.12 - NSF demuxer Stack Overflow (PoC)

Xine-Lib 1.1.12 - NSF demuxer Stack Overflow PoC xine-lib title = strdup&header0x0E; demuxnsfsendchunk: 122: char title100; 162: sprintftitle, "%s, song %d/%d", this-title, this-currentsong, this-totalsongs; - Affected applications http://xinehq.de/index.php/releases - PoC perl -e 'print...