USN-635-1: xine-lib vulnerabilities

06 August 2008

xine-lib vulnerabilities

Releases

Packages

Details

Alin Rad Pop discovered an array index vulnerability in the SDP
parser. If a user or automated system were tricked into opening a
malicious RTSP stream, a remote attacker may be able to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-0073)

Luigi Auriemma discovered that xine-lib did not properly check
buffer sizes in the RTSP header-handling code. If xine-lib opened an
RTSP stream with crafted SDP attributes, a remote attacker may be
able to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-0225, CVE-2008-0238)

Damian Frizza and Alfredo Ortega discovered that xine-lib did not
properly validate FLAC tags. If a user or automated system were
tricked into opening a crafted FLAC file, a remote attacker may be
able to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-0486)

It was discovered that the ASF demuxer in xine-lib did not properly
check the length if the ASF header. If a user or automated system
were tricked into opening a crafted ASF file, a remote attacker
could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2008-1110)

It was discovered that the Matroska demuxer in xine-lib did not
properly verify frame sizes. If xine-lib opened a crafted ASF file,
a remote attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-1161)

Luigi Auriemma discovered multiple integer overflows in xine-lib. If
a user or automated system were tricked into opening a crafted FLV,
MOV, RM, MVE, MKV or CAK file, a remote attacker may be able to
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-1482)

It was discovered that xine-lib did not properly validate its input
when processing Speex file headers. If a user or automated system
were tricked into opening a specially crafted Speex file, an
attacker could create a denial of service or possibly execute
arbitrary code as the user invoking the program. (CVE-2008-1686)

Guido Landi discovered a stack-based buffer overflow in xine-lib
when processing NSF files. If xine-lib opened a specially crafted
NSF file with a long NSF title, an attacker could create a denial of
service or possibly execute arbitrary code as the user invoking the
program. (CVE-2008-1878)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04
Ubuntu 7.10
Ubuntu 7.04
Ubuntu 6.06

After a standard system upgrade you need to restart applications
linked against xine-lib to effect the necessary changes.

Related notices