Date: Thu, 17 Apr 2008 17:20:40 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: Hanno Böck <hanno@...eck.de> cc: oss-security@...ts.openwall.com, coley@...re.org Subject: Re: CVE id request: xine-lib <= 1.1.12 nsf handling ====================================================== Name: CVE-2008-1878 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878 Reference: BID:28816 Reference: FRSIRT:ADV-2008-1247 Reference: URL:http://www.frsirt.com/english/advisories/2008/1247/references Reference: MILW0RM:5458 Reference: URL:http://www.milw0rm.com/exploits/5458 Reference: SECUNIA:29850 Reference: URL:http://secunia.com/advisories/29850 Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.