| File Name: | MDVSA-2008-178.txt |
| Description: | Mandriva Linux Security Advisory - Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program. The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file. Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct these issues. |
| Homepage: | http://www.mandriva.com/security/ |
| File Size: | 5942 |
| Related CVE(s): | CVE-2008-0073, CVE-2008-1110, CVE-2008-1161, CVE-2008-1482, CVE-2008-1878 |
| Last Modified: | Aug 21 20:36:00 2008 |
| MD5 Checksum: | f81b67007a37ee028b814f93f17b95cb |