*** This bug is a security vulnerability ***

Public security bug reported:

References:
DSA-1536-1 (http://www.debian.org/security/2008/dsa-1536)

Quoting:
"Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-1246 / CVE-2007-1387
    The DMO_VideoDecoder_Open function does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code (applies to sarge only).

CVE-2008-0073
    Array index error in the sdpplin_parse function allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

CVE-2008-0486
    Array index vulnerability in libmpdemux/demux_audio.c might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow (applies to etch only).

CVE-2008-1161
    Buffer overflow in the Matroska demuxer allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes."

CVE-2008-0486 has already been reported as Bug#195700.
CVE-2008-1161 has already been reported as Bug#203474.

** Affects: xine-lib (Ubuntu)
   Importance: Undecided
   Status: New

** Affects: xine-lib (Debian)
   Importance: Unknown
   Status: Unknown

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1246

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1387

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0073

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0486

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1161

** Bug watch added: Debian Bug tracker #464696
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464696

** Also affects: xine-lib (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464696
   Importance: Unknown
   Status: Unknown

--
[xine-lib] [DSA-1536-1] several vulnerabilities
https://bugs.launchpad.net/bugs/210163
