MPlayer / Xine multiple security vulnerabilities
updated since 05.02.2008

| Published: | 16.02.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8631 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Buffer overflow on FLAC data parsing, uninitialized pointer dereference on MOV parsing. |
| Affected: | MPLAYER : MPlayer 1.0 |
| | XINE : xine 1.1 |
| | XINE : xinelib 1.1 |
| CVE: | CVE-2008-0486 (Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.) |
| | CVE-2008-0485 (Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.) |
| | CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.) |
| | CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.) |