Info

Disclosure

Aug 22, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Multiple overflows exists in xine-lib. The matroska demuxer (src/demuxers/demux_matroska.c) fails to properly sanitize input to the parse_block_group() function and when handling MATROSKA_ID_TR_CODECPRIVATE track entry elements resulting in an overflow. With a specially crafted file or request, an attacker can cause the execution of arbitrary code or force process termination.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure

Solution

These issues were not addresses in the 1.1.15 release.

Products

Unknown or Incomplete

References

Secunia Advisory ID: 31567 31827
Related OSVDB ID: 47741 47743 47744 47745 47746 47747 47748
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-08/0225.html
Vendor Specific News/Changelog Entry: http://freshmeat.net/projects/xine/releases/291868
Vendor Specific Solution URL: http://sourceforge.net/project/shownotes.php?release_id=619869&group_id=9655
Other Advisory URL: http://www.ocert.org/advisories/ocert-2008-008.html
http://www.ocert.org/analysis/2008-008/analysis.txt
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/47742