FreeBSD : libxine -- multiple vulnerabilities (51d1d428-42f0-11de-ad22-000e35248ad7)

high Nessus Plugin ID 38803

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Multiple vulnerabilities were fixed in libxine 1.1.16.2.

Tobias Klein reports:

FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.

Note: A similar issue also affects xine-lib < version 1.1.16.2.

xine developers report:

- Fix broken size checks in various input plugins (ref. CVE-2008-5239).

- More malloc checking (ref. CVE-2008-5240).

Solution

Update the affected package.

See Also

http://trapkit.de/advisories/TKADV2009-004.txt

http://www.nessus.org/u?0976caf4

http://www.nessus.org/u?2b155e38

Plugin Details

Severity: High

ID: 38803

File Name: freebsd_pkg_51d1d42842f011dead22000e35248ad7.nasl

Version: 1.16

Type: local

Published: 5/18/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:libxine, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/17/2009

Vulnerability Publication Date: 2/15/2009

Reference Information

CVE: CVE-2008-5234, CVE-2008-5240, CVE-2009-0698

CWE: 119, 189