oss-security - Re: CVE id request: xine-lib <= 1.1.12 nsf handling

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Thu, 17 Apr 2008 17:20:40 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Hanno Böck <hanno@...eck.de>
cc: oss-security@...ts.openwall.com, coley@...re.org
Subject: Re: CVE id request: xine-lib <= 1.1.12 nsf handling

======================================================
Name: CVE-2008-1878
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
Reference: BID:28816
Reference: FRSIRT:ADV-2008-1247
Reference: URL:http://www.frsirt.com/english/advisories/2008/1247/references
Reference: MILW0RM:5458
Reference: URL:http://www.milw0rm.com/exploits/5458
Reference: SECUNIA:29850
Reference: URL:http://secunia.com/advisories/29850

Stack-based buffer overflow in the demux_nsf_send_chunk function in
src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a long NSF title.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.