[xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer
Bug #195700 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xine-lib (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Fix Released
|
High
|
Jamie Strandboge | ||
Feisty |
Fix Released
|
High
|
Jamie Strandboge | ||
Gutsy |
Fix Released
|
High
|
Jamie Strandboge |
Bug Description
References:
MDVSA-2008:046 (http://
MDVSA-2008:046-1 (http://
Quoting MDVSA-2008:046:
"An array index vulnerability found in the FLAC audio demuxer might
allow remote attackers to execute arbitrary code via a crafted FLAC
tag, which triggers a buffer overflow. Although originally an MPlayer
issue, it also affects xine-lib due to code similarity."
Quoting MDVSA-2008:046-1:
"[...] The previous update used a bad patch which made Amarok interface
very unresponsive while playing FLAC files. This new update fixes
the security issue with a better patch."
Related branches
Changed in xine-lib: | |
assignee: | nobody → jdstrand |
importance: | Undecided → High |
status: | New → Confirmed |
assignee: | nobody → jdstrand |
importance: | Undecided → High |
status: | New → Confirmed |
assignee: | nobody → jdstrand |
importance: | Undecided → High |
status: | New → Confirmed |
To post a comment you must log in.
See also Bug#210163.