Launchpad.net

CVE 2009-0698

Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.

Related bugs and status

CVE-2009-0698 (Candidate) is related to these bugs:

Bug #322834: [regression] xine will not play certain mpeg video files

Summary				In	Importance	Status
	322834	[regression] xine will not play certain mpeg video files		xine-lib (Ubuntu)	Undecided	Fix Released
	322834	[regression] xine will not play certain mpeg video files		xine-lib	Medium	Fix Released

Bug #355825: Pausing a media will most of the time freezes the software used while using Xine and PulseAudio (default configuration in Kubuntu Jaunty)

Summary				In	Importance	Status
	355825	Pausing a media will most of the time freezes the software used while using Xine and PulseAudio (default configuration in Kubuntu Jaunty)		xine-lib (Ubuntu)	Medium	Fix Released
	355825	Pausing a media will most of the time freezes the software used while using Xine and PulseAudio (default configuration in Kubuntu Jaunty)		pulseaudio (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-0698

Related bugs and status

Related bugs

References