Xine DirectShow Loader Remote Buffer Overflow Vulnerability
BID:22933
Info
| Bugtraq ID: | 22933 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-1387 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 12 2007 12:00AM |
| Updated: | Apr 01 2008 05:29PM |
| Credit: | Moritz Jodeit is credited with the discovery of this vulnerability. |
| Vulnerable: | xine xine-lib 1.1.2; xine xine-lib 1.1.1; xine xine-lib 1.1; xine xine-lib 1.0.2; xine xine-lib 1.0.1; xine xine-lib 1.0; xine xine 1.0.1; xine xine 1.0; Ubuntu Ubuntu Linux 5.10 sparc; Ubuntu Ubuntu Linux 5.10 powerpc; Ubuntu Ubuntu Linux 5.10 i386; Ubuntu Ubuntu Linux 5.10 amd64; Ubuntu Ubuntu Linux 6.10 sparc; Ubuntu Ubuntu Linux 6.10 powerpc; Ubuntu Ubuntu Linux 6.10 i386; Ubuntu Ubuntu Linux 6.10 amd64; Ubuntu Ubuntu Linux 6.06 LTS sparc; Ubuntu Ubuntu Linux 6.06 LTS powerpc; Ubuntu Ubuntu Linux 6.06 LTS i386; Ubuntu Ubuntu Linux 6.06 LTS amd64; Turbolinux wizpy 0; Turbolinux Turbolinux Desktop 10.0; Turbolinux Turbolinux FUJI; Turbolinux Turbolinux 10 F...; Turbolinux Home; Turbolinux FUJI 0; Pardus Linux 2007.1; MPlayer MPlayer 0.92.1; MPlayer MPlayer 0.92; MPlayer MPlayer 0.91; MPlayer MPlayer 0.90 rc series; MPlayer MPlayer 0.90 pre series; MPlayer MPlayer 0.90; MPlayer MPlayer 0.9 0rc4; MPlayer MPlayer 1.0 -rc1; MPlayer MPlayer 1.0; MPlayer MPlayer 0_92 CVS; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; MandrakeSoft Corporate Server 3.0 x86_64; MandrakeSoft Corporate Server 3.0; Gentoo Linux; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1; Debian Linux 4.0 sparc; Debian Linux 4.0 s/390; Debian Linux 4.0 powerpc; Debian Linux 4.0 mipsel; Debian Linux 4.0 mips; Debian Linux 4.0 m68k; Debian Linux 4.0 ia-64; Debian Linux 4.0 ia-32; Debian Linux 4.0 hppa; Debian Linux 4.0 arm; Debian Linux 4.0 amd64; Debian Linux 4.0 alpha; Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
Xine is prone to a remote buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied input into finite-sized buffers.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.
Exploit / POC
To exploit this issue, an attacker must entice a victim user to open a malicious media file.
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Please see the referenced advisories for more information.
MPlayer MPlayer 1.0
- Mandriva lib64postproc0-1.0-0.pre3.14.10.C30mdk.x86_64.rpm
  Corporate 3.0: http://www.mandriva.com/en/download
- Mandriva lib64postproc0-devel-1.0-0.pre3.14.10.C30mdk.x86_64.rpm
  Corporate 3.0: http://www.mandriva.com/en/download
- Mandriva libdha0.1-1.0-0.pre3.14.10.C30mdk.i586.rpm
  Corporate 3.0: http://www.mandriva.com/en/download
- Mandriva libdha1.0-1.0-1.pre8.13.2mdv2007.0.i586.rpm
  Mandriva Linux 2007.0: http://www.mandriva.com/en/download
- Mandriva libpostproc0-1.0-0.pre3.14.10.C30mdk.i586.rpm
  Corporate 3.0: http://www.mandriva.com/en/download
- Mandriva libpostproc0-devel-1.0-0.pre3.14.10.C30mdk.i586.rpm
  Corporate 3.0: http://www.mandriva.com/en/download
- Mandriva mencoder-1.0-0.pre3.14.10.C30mdk.i586.rpm
  Corporate 3.0: http://www.mandriva.com/en/download
- Mandriva mencoder-1.0-0.pre3.14.10.C30mdk.x86_64.rpm
  Corporate 3.0: http://www.mandriva.com/en/download
- Mandriva mencoder-1.0-1.pre8.13.2mdv2007.0.i586.rpm
  Mandriva Linux 2007.0: http://www.mandriva.com/en/download
- Mandriva mencoder-1.0-1.pre8.13.2mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64: http://www.mandriva.com/en/download
- Mandriva mplayer-1.0-0.pre3.14.10.C30mdk.i586.rpm
  Corporate 3.0: http://www.mandriva.com/en/download
- Mandriva mplayer-1.0-0.pre3.14.10.C30mdk.x86_64.rpm
  Corporate 3.0: http://www.mandriva.com/en/download
- Mandriva mplayer-1.0-1.pre8.13.2mdv2007.0.i586.rpm
  Mandriva Linux 2007.0: http://www.mandriva.com/en/download
- Mandriva mplayer-1.0-1.pre8.13.2mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64: http://www.mandriva.com/en/download
- Mandriva mplayer-gui-1.0-0.pre3.14.10.C30mdk.i586.rpm
  Corporate 3.0: http://www.mandriva.com/en/download
- Mandriva mplayer-gui-1.0-0.pre3.14.10.C30mdk.x86_64.rpm
  Corporate 3.0: http://www.mandriva.com/en/download
- Mandriva mplayer-gui-1.0-1.pre8.13.2mdv2007.0.i586.rpm
  Mandriva Linux 2007.0: http://www.mandriva.com/en/download
- Mandriva mplayer-gui-1.0-1.pre8.13.2mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64: http://www.mandriva.com/en/download