FreshPorts - VuXML

xine project reports:

A new xine-lib version is now available. This release contains a security fix (remotely-expoitable buffer overflow, CVE-2008-0225). It also contains a read-past-end fix for an internal library function which is only used if the OS does not supply it and a rendering fix for Darwin/PPC.

< 1.1.9.1

xine team reports:

A new xine-lib version is now available. This release contains some security fixes, notably a DoS via corrupted Ogg files (CVE-2008-3231), some related fixes, and fixes for a few possible buffer overflows.

< 1.1.15

A Secunia Advisory reports:

Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system.

The weakness is cause due to a heap corruption within the "xineplug_inp_http.so" plugin when handling an overly large reply from the HTTP server. This can be exploited to crash an application that uses the plugin (e.g. gxine).

< 1.1.1_6

A xine security announcement states:

A heap overflow has been found in the DVD subpicture decoder of xine-lib. This can be used for a remote heap overflow exploit, which can, on some systems, lead to or help in executing malicious code with the permissions of the user running a xine-lib based media application.

< 1.0.r6

The libxine development team reports that several vulnerabilities had been found in the libxine library. The first vulnerability is caused by improper checking of the src/input/libreal/real.c "real_parse_sdp()" function. A remote attacker could exploit this by tricking an user to connect to a preparated server potentially causing a buffer overflow. Another buffer overflow had been found in the libmms library, potentially allowing a remote attacker to cause a denial of service vulnerability, and possible remote code execution through the following functions: send_command, string_utf16, get_data and get_media_packets. Other functions might be affected as well.

< 1.1.3

A xine security announcement states:

Multiple vulnerabilities have been found and fixed in the Real-Time Streaming Protocol (RTSP) client for RealNetworks servers, including a series of potentially remotely exploitable buffer overflows. This is a joint advisory by the MPlayer and xine teams as the code in question is common to these projects.

Severity: High (arbitrary remote code execution under the user ID running the player) when playing Real RTSP streams. At this time, there is no known exploit for these vulnerabilities.

< 0.99.4

< 1.0.r4

Gentoo Linux Security Advisory reports:

Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response contents.

An attacker could submit malicious information about an audio CD to a public CDDB server (or impersonate a public CDDB server). When the victim plays this CD on a multimedia frontend relying on xine-lib, it could end up executing arbitrary code.

< 1.1.0_1

xine developers report:

• Fix another possible int overflow in the 4XM demuxer. (ref. TKADV2009-004, CVE-2009-0385)
• Fix an integer overflow in the Quicktime demuxer.

< 1.1.16.3

Multiple vulnerabilities were fixed in libxine 1.1.16.2.

Tobias Klein reports:

FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.

Note: A similar issue also affects xine-lib < version 1.1.16.2.

xine developers report:

• Fix broken size checks in various input plugins (ref. CVE-2008-5239).
• More malloc checking (ref. CVE-2008-5240).

< 1.1.16.2

Due to a buffer overflow in the open_aiff_file function in demux_aiff.c, a remote attacker is able to execute arbitrary code via a modified AIFF file.

le 1.0.r5_3

xine project reports:

A new xine-lib version is now available. This release contains a security fix (remotely-expoitable buffer overflow, CVE-2006-1664). (This is not the first time that that bug has been fixed...) It also fixes a few more recent bugs, such as the audio output problems in 1.1.9.

< 1.1.10

xine Team reports:

A new xine-lib version is now available. This release contains a security fix (an unchecked array index that could allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.)

< 1.1.12

iDEFENSE and the MPlayer Team have found multiple vulnerabilities in MPlayer:

• Potential heap overflow in Real RTSP streaming code
• Potential stack overflow in MMST streaming code
• Multiple buffer overflows in BMP demuxer
• Potential heap overflow in pnm streaming code
• Potential buffer overflow in mp3lib

These vulnerabilities could allow a remote attacker to execute arbitrary code as the user running MPlayer. The problem in the pnm streaming code also affects xine.

< 0.99.5_5

le 1.0.r5_3

A xine security announcement reports:

By a user receiving data from a malicious network streaming server, an attacker can overrun a heap buffer, which can, on some systems, lead to or help in executing attacker-chosen malicious code with the permissions of the user running a xine-lib based media application.

Both the MMS and Real RTSP streaming client code made some too-strong assumptions on the transferred data. Several critical bounds checks were missing, resulting in the possibility of heap overflows, should the remote server not adhere to these assumptions. In the MMS case, a remote server could present content with too many individual streams; in the RTSP case, a remote server's reply could have too many lines.

An attacker can set up a server delivering malicious data to the users. This can be used to overflow a heap buffer, which can, with certain implementations of heap management, lead to attacker chosen data written to the stack. This can cause attacker-chosen code being executed with the permissions of the user running the application. By tricking users to retrieve a stream, which can be as easy as providing a link on a website, this vulnerability can be exploited remotely.

< 0.99.7

ge 0.9.9 lt 1.0.1

A xine security announcement states:

Several string overflows on the stack have been fixed in xine-lib, some of them can be used for remote buffer overflow exploits leading to the execution of arbitrary code with the permissions of the user running a xine-lib based media application.

Stack-based string overflows have been found:

1. in the code which handles VideoCD MRLs
2. in VideoCD code reading the disc label
3. in the code which parses text subtitles and prepares them for display

ge 1.0.r2 lt 1.0.r6

From the xinehq advisory:

By opening a malicious MRL in any xine-lib based media player, an attacker can write arbitrary content to an arbitrary file, only restricted by the permissions of the user running the application.

The flaw is a result of a feature that allows MRLs (media resource locator URIs) to specify arbitrary configuration options.

gt 0.9 lt 1.0.r3_5

xine Team reports:

A new xine-lib version is now available. This release contains a security fix (array index vulnerability which may lead to a stack buffer overflow.

< 1.1.10.1

Mitre CVE reports:

Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.

< 0.3

< 1.1.1