xine-lib NSF声音格式解码器demux_nsf.c栈溢出漏洞

BUGTRAQ ID: 28816 xine是一款免费的媒体播放器，支持多种格式。 xine-lib的src/demuxers/demuxnsf.c文件中的demuxnsfsendchunk函数没有正确地处理NSF声音格式： opennsffile: 109: this-title = strdup&header0x0E; demuxnsfsendchunk: 122: char title100; 162: sprintftitle, "%s, song %d/%d", this-title, this-currentsong, this-totalsongs;...

CVE-2008-1878

CVE-2008-1878 is a stack-based buffer overflow in xine-lib (demux_nsf_send_chunk in src/demuxers/demux_nsf.c) that allows a remote attacker to crash the application and potentially execute arbitrary code via a long NSF title, affecting xine-lib 1.1.12 and earlier. Public advisories across distrib...