Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and previous versions versions, allow remote malicious users to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xine xine 1.1.1 |
||
xine xine 1.1.0 |
||
xine xine 1 |
||
xine xine 1.1.10.1 |
||
xine xine 1.1.4 |
||
xine xine 1.0.1 |
||
xine xine 1.0 |
||
xine xine 1.0.3a |
||
xine xine 1.0.2 |
||
xine xine |
||
xine xine 1.1.3 |
||
xine xine 1.1.2 |
||
xine xine 0.9.13 |
||
xine xine 1.1.11 |
||
xine xine 1.1.11.1 |