Mandriva Linux Security Advisory - A vulnerability discovered in xine-lib, which allowed remote RTSP servers to execute arbitrary code via a large streamid SDP parameter, also affects MPlayer. Several integer overflows were discovered by Felipe Andres Manzano in MPlayer's Real video stream demuxing code. These vulnerabilities could allow an attacker to cause a crash or possibly execute arbitrary code by supplying a maliciously crafted video file. The updated packages have been patched to fix these issues. Note that CVE-2008-3827 was already corrected in the Mandriva Linux 2009 packages.
066d0295c5e7993cf9dc8e543353f75479252803b2356b941a661066f30a1f4f
Mandriva Linux Security Advisory - Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program. The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file. Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.
cc1af7aa9af190d5e08578ee557ea3356fcedf52d35bb1e99c652fdbdc04649d
Ubuntu Security Notice 635-1 - Many xine-lib arbitrary code execution vulnerabilities have been addressed in Ubuntu.
99d390c6edf6c39134bcdba1921abab340fd7b8da4de5350fcc4a3b2f854f9bf
Gentoo Linux Security Advisory GLSA 200808-01 - xine-lib is vulnerable to multiple buffer overflows when processing media streams. Versions less than 1.1.13 are affected.
96a2505b5b01051d10174f599b4cedd3078d0417ff72f8307ce3bfe2546cac59
Gentoo Linux Security Advisory GLSA 200804-25 - Multiple vulnerabilities were found in VLC, allowing for the execution of arbitrary code. Versions less than 0.8.6f are affected.
733c1ed79b59af467f3202cfcca6cf46127798c0785059ffd164115fb1fb23fa
Debian Security Advisory 1543-1 - A fair number of people have discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc.
43c8e38327a0f4ab711aed482ec7c4baef51ac88dd524fe85382da636923474e
Debian Security Advisory 1536-1 - Several local vulnerabilities have been discovered in Xine, a media player library, that allow for a denial of service or arbitrary code execution and could be exploited through viewing malicious content.
fab16d0e5e9613a38e131a5540e6b1deca18ee6d6d803c2faf22cc0f1e8ea324