Buffer overflow : xine-lib < 1.1.16.1 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900041

Categoría: Buffer overflow

Título: xine-lib < 1.1.16.1 Multiple Vulnerabilities

Resumen: xine-lib is prone to multiple vulnerabilities.

Descripción: Summary:
xine-lib is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to overflow errors that exist in open_ra_file()
in demux_realaudio.c, parse_block_group() in demux_matroska.c, and
real_parse_audio_specific_data() in demux_real.c methods.

Vulnerability Impact:
Remote exploitation could allow execution of arbitrary code
to cause head-based buffer overflow via a specially crafted RealAudio or Matroska file.

Affected Software/OS:
xine-lib versions 1.1.15 and prior.

Solution:
Update to version 1.1.16.1 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5236
BugTraq ID: 30797
http://www.securityfocus.com/bid/30797
Bugtraq: 20080822 [oCERT-2008-008] multiple heap overflows in xine-lib (Google Search)
http://www.securityfocus.com/archive/1/495674/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:020
http://sourceforge.net/project/shownotes.php?release_id=619869
http://www.ocert.org/analysis/2008-008/analysis.txt
http://www.osvdb.org/47744
http://secunia.com/advisories/31502
http://secunia.com/advisories/31567
http://secunia.com/advisories/31827
http://secunia.com/advisories/33544
http://securityreason.com/securityalert/4648
SuSE Security Announcement: SUSE-SR:2009:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.vupen.com/english/advisories/2008/2382
http://www.vupen.com/english/advisories/2008/2427
XForce ISS Database: xinelib-openrafile-bo(44642)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44642
XForce ISS Database: xinelib-parseblockgroup-bo(44634)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44634

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900041
Categoría:	Buffer overflow
Título:	xine-lib < 1.1.16.1 Multiple Vulnerabilities
Resumen:	xine-lib is prone to multiple vulnerabilities.
Descripción:	Summary: xine-lib is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to overflow errors that exist in open_ra_file() in demux_realaudio.c, parse_block_group() in demux_matroska.c, and real_parse_audio_specific_data() in demux_real.c methods. Vulnerability Impact: Remote exploitation could allow execution of arbitrary code to cause head-based buffer overflow via a specially crafted RealAudio or Matroska file. Affected Software/OS: xine-lib versions 1.1.15 and prior. Solution: Update to version 1.1.16.1 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5236 BugTraq ID: 30797 http://www.securityfocus.com/bid/30797 Bugtraq: 20080822 [oCERT-2008-008] multiple heap overflows in xine-lib (Google Search) http://www.securityfocus.com/archive/1/495674/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://sourceforge.net/project/shownotes.php?release_id=619869 http://www.ocert.org/analysis/2008-008/analysis.txt http://www.osvdb.org/47744 http://secunia.com/advisories/31502 http://secunia.com/advisories/31567 http://secunia.com/advisories/31827 http://secunia.com/advisories/33544 http://securityreason.com/securityalert/4648 SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://www.vupen.com/english/advisories/2008/2382 http://www.vupen.com/english/advisories/2008/2427 XForce ISS Database: xinelib-openrafile-bo(44642) https://exchange.xforce.ibmcloud.com/vulnerabilities/44642 XForce ISS Database: xinelib-parseblockgroup-bo(44634) https://exchange.xforce.ibmcloud.com/vulnerabilities/44634
Copyright	Copyright (C) 2008 Greenbone AG