Xine-Lib Malformed MPEG Stream Buffer Overflow Vulnerability
BID:17370
Info
| Bugtraq ID: | 17370 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2006-1664 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2006 12:00AM |
| Updated: | Apr 26 2006 11:11PM |
| Credit: | Federico L. Bossi Bonin <[email protected]> discovered this issue. |
| Vulnerable: | xine xine-lib 1.1.1 Gentoo Linux |
| Not Vulnerable: | |
Discussion
Xine-lib is susceptible to a buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.
Successful exploits allow remote attackers to execute arbitrary machine code in the context of the affected application.
Xine-lib version 1.1.1 is reportedly affected. Other versions may also be affected, as well as all applications that use a vulnerable version of the library.
Exploit / POC
A proof-of-concept exploit is available that causes a crash in affected applications.
Solution / Fix
Solution:
Please see the referenced advisories for further information on obtaining and applying fixes.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]