The DMO_VideoDecoder_Open function does not set the biSize before use in a
memcpy, which allows user-assisted remote attackers to cause a buffer overflow
and possibly execute arbitrary code (applies to sarge only).

CVE-2008-0073
Array index error in the sdpplin_parse function allows remote RTSP servers
to execute arbitrary code via a large streamid SDP parameter.

CVE-2008-0486
Array index vulnerability in libmpdemux/demux_audio.c might allow remote
attackers to execute arbitrary code via a crafted FLAC tag, which triggers
a buffer overflow (applies to etch only).

CVE-2008-1161
Buffer overflow in the Matroska demuxer allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a Matroska
file with invalid frame sizes.
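
The streamid issue in CVE-2008-0073 belongs to a class where a number taken from a server-supplied SDP line is used as an array index without a bound. The following is an added example, not code from the advisory or from the affected library, showing the validation such a parser needs before indexing. The structure, function names, MAX_STREAMS and the "a=control:streamid=N" line format are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STREAMS 8             /* assumed array size, for illustration */

struct sdp_desc {                 /* hypothetical structure, not the library's */
    unsigned stream_count;        /* number of streams announced by the SDP */
    int      seen[MAX_STREAMS];   /* per-stream slot indexed by streamid */
};

/* Parse "a=control:streamid=N" (assumed format). Returns 0 and sets *id only
 * when N is a clean decimal number below stream_count; -1 otherwise. */
static int parse_streamid(const char *line, unsigned stream_count, unsigned *id)
{
    static const char key[] = "a=control:streamid=";
    char *end;
    unsigned long v;

    if (strncmp(line, key, sizeof key - 1) != 0)
        return -1;
    line += sizeof key - 1;
    if (*line < '0' || *line > '9')      /* reject sign, space, empty value */
        return -1;
    errno = 0;
    v = strtoul(line, &end, 10);
    if (errno == ERANGE || (*end != '\0' && *end != '\r' && *end != '\n'))
        return -1;
    if (v >= stream_count)               /* bound the index before any use */
        return -1;
    *id = (unsigned)v;
    return 0;
}

/* Record a stream slot; the index is used only after validation. */
static int record_stream(struct sdp_desc *d, const char *line)
{
    unsigned id;
    if (d->stream_count > MAX_STREAMS)   /* announced count must fit the array */
        return -1;
    if (parse_streamid(line, d->stream_count, &id) != 0)
        return -1;
    d->seen[id] = 1;
    return 0;
}
```
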

For the stable distribution (etch), these problems have been fixed in version
1.1.2+dfsg-6.

For the old stable distribution (sarge), these problems have been fixed in
version 1...