Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

The remote host is affected by the vulnerability described in GLSA-200802-12 (xine-lib: User-assisted execution of arbitrary code)

    Damian Frizza and Alfredo Ortega (Core Security Technologies)     discovered a stack-based buffer overflow within the open_flac_file()     function in the file demux_flac.c when parsing tags within a FLAC file     (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is     similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).
  Impact :

    A remote attacker could entice a user to play specially crafted FLAC or     ASF video streams with a player using xine-lib, potentially resulting     in the execution of arbitrary code with the privileges of the user     running the player.
  Workaround :

    There is no known workaround at this time.

xine project reports :

A new xine-lib version is now available. This release contains a security fix (remotely-exploitable buffer overflow, CVE-2006-1664).
(This is not the first time that that bug has been fixed...) It also fixes a few more recent bugs, such as the audio output problems in 1.1.9.

Maintenance/security fix release 1.1.10.
http://sourceforge.net/project/shownotes.php?group_id=9655&release_id= 571608

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-200604-16 (xine-lib: Buffer overflow vulnerability)

    Federico L. Bossi Bonin discovered that when handling MPEG streams     xine-lib fails to make a proper boundary check of the input data     supplied by the user before copying it to an insufficiently sized     memory buffer.
  Impact :

    A remote attacker could entice a user to play a specially crafted     MPEG file, resulting in the execution of arbitrary code with the     permissions of the user running the application.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
31295	GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	high
30127	FreeBSD : libxine -- buffer overflow vulnerability (6ecd0b42-ce77-11dc-89b1-000e35248ad7)	Nessus	FreeBSD Local Security Checks	high
30115	Fedora 7 : xine-lib-1.1.10-1.fc7 (2008-1047)	Nessus	Fedora Local Security Checks	high
30114	Fedora 8 : xine-lib-1.1.10-1.fc8 (2008-1043)	Nessus	Fedora Local Security Checks	high
21298	GLSA-200604-16 : xine-lib: Buffer overflow vulnerability	Nessus	Gentoo Local Security Checks	high

Detections

Analytics

CVE-2006-1664

critical

Tenable Plugins

high

high

high

high

high