OSVDB ID: 47742

Title: xine-lib src/demuxers/demux_matroska.c Multiple Overflows

Info

Dates

Disclosure: Aug 22, 2008
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

Multiple overflows exist in xine-lib. The Matroska demuxer (src/demuxers/demux_matroska.c) fails to properly sanitize input to the parse_block_group() function and input it processes when handling MATROSKA_ID_TR_CODECPRIVATE track entry elements, resulting in an overflow. With a specially crafted file or request, an attacker can cause the execution of arbitrary code or force process termination.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

These issues were not addressed in the 1.1.15 release.

Products

Unknown or Incomplete

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/47742