Package: libxine1 Version: 1.0.1-1.4 Severity: grave Tags: security Justification: user security hole
An exploitable heap overflow has been found in libavcodec's handling of images with PIX_FMT_PAL8 pixel formats. xine-lib's embedded copy is vulnerable as well. Please see http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 for more information and a demo image. Upstream's fix can be found at http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-2-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]