Test ID:	1.3.6.1.4.1.25623.1.0.52843
Category:	Turbolinux Local Security Tests
Title:	Turbolinux TLSA-2005-27 (xine-lib)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to xine-lib announced via advisory TLSA-2005-27. The xine engine is a free media player engine. It comes in the form of a shared libarary and is typically used by media player frontends and other multimedia applications for playback of multimedia streams such as movies, radio/tv network streams, DVDs, VCDs. Buffer overflow vulnerabilities have been discovered in the open_aiff_file and pnm_get_chunk functions of xine-lib. These vulnerabilities may allow attackers to execute arbitrary code via malformed multimedia files. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-27 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1187 http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 XForce ISS Database: xine-pnatag-bo(18640) https://exchange.xforce.ibmcloud.com/vulnerabilities/18640 Common Vulnerability Exposure (CVE) ID: CVE-2004-1188 http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities XForce ISS Database: xine-pnmgetchunk-bo(18638) https://exchange.xforce.ibmcloud.com/vulnerabilities/18638 Common Vulnerability Exposure (CVE) ID: CVE-2004-1300 http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt XForce ISS Database: xine-openaifffile-bo(18611) https://exchange.xforce.ibmcloud.com/vulnerabilities/18611
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.