Multiple overflows exist in xine-lib. The QT demuxer (src/demuxers/demux_qt.c) fails to properly sanitize input to the parse_moov_atom() function, to the parse_reference_atom() function, when handling compressed MOV (CMOV_ATOM) files, and when allocating STSD_ATOM atoms, resulting in an overflow. With a specially crafted file or request, an attacker can cause the execution of arbitrary code or force process termination.
Classification
Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Disclosure: Vendor Verified, Coordinated Disclosure
Solution
Upgrade to version 1.1.15 or higher, as it has been reported to fix the parse_moov_atom() function overflow. The other three vectors were not addressed in 1.1.15. An upgrade is required as there are no known workarounds.