Multiple overflows exists in xine-lib. The QT demuxer (src/demuxers/demux_qt.c) fails to properly sanitize input to the parse_moov_atom() function, parse_reference_atom() function, when handling compressed MOV (CMOV_ATOM) files and when allocating STSD_ATOM atoms resulting in an overflow. With a specially crafted file or request, an attacker can cause the execution of arbitrary code or force process termination.

Upgrade to version 1.1.15 or higher, as it has been reported to fix the parse_moov_atom() function overflow. The other three vectors were not addresses in 1.1.15. An upgrade is required as there are no known workarounds.

Unknown or Incomplete

• Security Tracker: 1020703
• CVE ID: 2008-5234 (see also: NVD) 2008-5241 (see also: NVD) 2008-5242 (see also: NVD)
• Bugtraq ID: 30797
• Secunia Advisory ID: 31502 31567 31827 33544 33676 33849 39949
• Related OSVDB ID: 47742 47743 47744 47745 47746 47747 47748
• VUPEN Advisory: ADV-2008-2382
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-08/0225.html
• Vendor Specific News/Changelog Entry: http://freshmeat.net/projects/xine/releases/291868
  http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
  http://sourceforge.net/project/shownotes.php?release_id=619869
  https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-January/000829.html
  https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html
• Vendor Specific Solution URL: http://sourceforge.net/project/shownotes.php?release_id=619869&group_id=9655
• Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-201006-04.xml
• Other Advisory URL: http://www.ocert.org/advisories/ocert-2008-008.html
  http://www.ocert.org/analysis/2008-008/analysis.txt
  https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html

Unknown or Incomplete