This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Vulnerabilities have been discovered and corrected in xine-lib :
- Integer overflow in the qt_error parse_trak_atom
function in demuxers/demux_qt.c in xine-lib 126.96.36.199 and
earlier allows remote attackers to execute arbitrary
code via a Quicktime movie file with a large count value
in an STTS atom, which triggers a heap-based buffer
- Integer overflow in the 4xm demuxer
(demuxers/demux_4xm.c) in xine-lib 188.8.131.52 allows
remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a 4X movie file
with a large current_track value, a similar issue to
This update fixes these issues.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5