Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 17 Apr 2008 17:20:40 -0400 (EDT)
From: "Steven M. Christey" <>
To: Hanno Böck <>
Subject: Re: CVE id request: xine-lib <= 1.1.12 nsf handling

Name: CVE-2008-1878
Status: Candidate
Reference: BID:28816
Reference: FRSIRT:ADV-2008-1247
Reference: URL:
Reference: MILW0RM:5458
Reference: URL:
Reference: SECUNIA:29850
Reference: URL:

Stack-based buffer overflow in the demux_nsf_send_chunk function in
src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a long NSF title.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.