exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2008-1878

Status Candidate

Overview

Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.

Related Files

Mandriva Linux Security Advisory 2008-178
Posted Aug 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program. The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file. Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. Guido Landi found A stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-0073, CVE-2008-1110, CVE-2008-1161, CVE-2008-1482, CVE-2008-1878
SHA-256 | cc1af7aa9af190d5e08578ee557ea3356fcedf52d35bb1e99c652fdbdc04649d
Mandriva Linux Security Advisory 2008-177
Posted Aug 21, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-1878
SHA-256 | d083e2d6be526c76dac5c38045e56e16a97284f52f7ac3ebdcdea3559328cff6
Ubuntu Security Notice 635-1
Posted Aug 6, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 635-1 - Many xine-lib arbitrary code execution vulnerabilities have been addressed in Ubuntu.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2008-0073, CVE-2008-0225, CVE-2008-0238, CVE-2008-0486, CVE-2008-1110, CVE-2008-1161, CVE-2008-1482, CVE-2008-1686, CVE-2008-1878
SHA-256 | 99d390c6edf6c39134bcdba1921abab340fd7b8da4de5350fcc4a3b2f854f9bf
Gentoo Linux Security Advisory 200808-1
Posted Aug 6, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200808-01 - xine-lib is vulnerable to multiple buffer overflows when processing media streams. Versions less than 1.1.13 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2008-0073, CVE-2008-1482, CVE-2008-1878
SHA-256 | 96a2505b5b01051d10174f599b4cedd3078d0417ff72f8307ce3bfe2546cac59
Debian Linux Security Advisory 1586-1
Posted May 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1586-1 - Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and CAK demuxers, as well as the EBML parser used by the Matroska demuxer. Insufficient input validation in the Speex implementation used by this version of xine enables an invalid array access and the execution of arbitrary code by supplying a maliciously crafted Speex file. Inadequate bounds checking in the NES Sound Format (NSF) demuxer enables a stack buffer overflow and the execution of arbitrary code through a maliciously crafted NSF file.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2008-1482, CVE-2008-1686, CVE-2008-1878
SHA-256 | 7355be718f57b1c08e1f04edd7309ae95359f8b6a3dba2dc3d07285db02c23a0
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close