Date: Mon, 24 Mar 2008 18:08:10 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE Request: xine-lib multiple buffer overflows ====================================================== Name: CVE-2008-1482 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482 Reference: BUGTRAQ:20080320 Multiple heap overflows in xine-lib 1.1.11 Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489894/100/0/threaded Reference: MISC:http://aluigi.altervista.org/adv/xinehof-adv.txt Reference: MISC:http://aluigi.org/poc/xinehof.zip Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=438663 Reference: BID:28370 Reference: URL:http://www.securityfocus.com/bid/28370 Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.