Package: xine-lib
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xine-lib.

CVE-2008-5237[0]:
| Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and
| earlier versions, allow remote attackers to cause a denial of service
| (crash) or possibly execute arbitrary code via (1) crafted width and
| height values that are not validated by the mymng_process_header
| function in demux_mng.c before use in an allocation calculation or (2)
| crafted current_atom_size and string_size values processed by the
| parse_reference_atom function in demux_qt.c.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5237
    http://security-tracker.debian.net/tracker/CVE-2008-5237
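
An added example, not xine-lib code and not part of the original report, illustrating the bug class in item (1): a 32-bit size calculation from header-supplied width and height wraps to a small value, beside a validated calculation that rejects such headers before allocating. The names frame_size_unchecked, frame_size_checked, alloc_frame and the MAX_DIM limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound on accepted dimensions; not a value from xine-lib. */
#define MAX_DIM 16384u

/* Bug class: the 32-bit product wraps, so the result can be far too small. */
static uint32_t frame_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Validated form: returns the byte count, or 0 if the header is rejected. */
static size_t frame_size_checked(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t pixels;

    if (width == 0 || height == 0 || bpp == 0)
        return 0;
    if (width > MAX_DIM || height > MAX_DIM)
        return 0;
    if ((size_t)width > SIZE_MAX / height)      /* width * height would wrap */
        return 0;
    pixels = (size_t)width * height;
    if (pixels > SIZE_MAX / bpp)                /* pixels * bpp would wrap */
        return 0;
    return pixels * bpp;
}

/* Allocate only after the size calculation has been validated. */
static void *alloc_frame(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n = frame_size_checked(width, height, bpp);
    return n ? malloc(n) : NULL;
}

int main(void)
{
    /* Constructed header values: 65537 x 65536 pixels, 3 bytes per pixel. */
    uint32_t w = 0x10001u, h = 0x10000u, bpp = 3;
    void *p = alloc_frame(w, h, bpp);

    printf("unchecked size: %u bytes\n", (unsigned)frame_size_unchecked(w, h, bpp));
    printf("checked alloc:  %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```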


