Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.52843
Category:Turbolinux Local Security Tests
Title:Turbolinux TLSA-2005-27 (xine-lib)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to xine-lib
announced via advisory TLSA-2005-27.

The xine engine is a free media player engine. It comes in the form of a shared
libarary and is typically used by media player frontends and other multimedia
applications for playback of multimedia streams such as movies, radio/tv
network streams, DVDs, VCDs.

Buffer overflow vulnerabilities have been discovered in the open_aiff_file
and pnm_get_chunk functions of xine-lib.

These vulnerabilities may allow attackers to execute arbitrary
code via malformed multimedia files.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-27

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-1187
http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities
http://www.mandriva.com/security/advisories?name=MDKSA-2005:011
XForce ISS Database: xine-pnatag-bo(18640)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18640
Common Vulnerability Exposure (CVE) ID: CVE-2004-1188
http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities
XForce ISS Database: xine-pnmgetchunk-bo(18638)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18638
Common Vulnerability Exposure (CVE) ID: CVE-2004-1300
http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt
XForce ISS Database: xine-openaifffile-bo(18611)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18611
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.