Multiple overflows exists in xine-lib. The matroska demuxer (src/demuxers/demux_matroska.c) fails to properly sanitize input to the parse_block_group() function and when handling MATROSKA_ID_TR_CODECPRIVATE track entry elements resulting in an overflow. With a specially crafted file or request, an attacker can cause the execution of arbitrary code or force process termination.
Local / Remote,
Loss of Integrity
These issues were not addresses in the 1.1.15 release.