OSVDB ID: 19892 Title: xine/gxine xine-lib CDDB Response Format String |
Info |
|
|
Dates |
||||
|
|
Description |
xine-lib contains a flaw that may allow remote execution of arbitrary code. The issue is triggered when a xine-lib based media application, such as xine or gxine, retrieves improper metadata from a malicious CDDB server while playing an audio CD. The metadata is placed in memory on the stack and eventually passed to a fprintf() function as a format string. This allows the malicious user to alter the control flow and to execute malicious code with the permissions of the user running the application. |
Classification |
Location:
Remote / Network Access,
Local / Remote,
Context Dependent
Attack Type: Input Manipulation Impact: Loss of Integrity Exploit: Exploit Public Disclosure: OSVDB Verified |
Solution |
Upgrade to version 1.0.3 or higher, as it has been reported to fix this vulnerability. In addition, the creditee and the vendor released a patch for some older versions. It is also possible to correct the issue by implementing the following workaround: delete the file "xineplug_inp_cdda.so" from the xine-lib plugin directory. You will lose the ability to play audio CDs. |
Products |
|
Credit |
|
prontomail.com -