FreeBSD : libxine -- multiple vulnerabilities (51d1d428-42f0-11de-ad22-000e35248ad7)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Multiple vulnerabilities were fixed in libxine 1.1.16.2.

Tobias Klein reports :

FFmpeg contains a type conversion vulnerability while parsing
malformed 4X movie files. The vulnerability may be exploited by a
(remote) attacker to execute arbitrary code in the context of FFmpeg
or an application using the FFmpeg library.

Note: A similar issue also affects xine-lib < version 1.1.16.2.

xine developers report :

- Fix broken size checks in various input plugins (ref.
CVE-2008-5239).

- More malloc checking (ref. CVE-2008-5240).

See also :

http://trapkit.de/advisories/TKADV2009-004.txt
http://sourceforge.net/project/shownotes.php?release_id=660071
http://www.nessus.org/u?5b41d044

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 38803 (freebsd_pkg_51d1d42842f011dead22000e35248ad7.nasl)

Bugtraq ID:

CVE ID: CVE-2008-5234
CVE-2008-5240
CVE-2009-0698
