GLSA-200504-27 : xine-lib: Two heap overflow vulnerabilities
Medium Nessus Plugin ID 18145
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200504-27 (xine-lib: Two heap overflow vulnerabilities)
Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP (MMST).
By setting up a malicious server and enticing a user to use its streaming data, a remote attacker could possibly execute arbitrary code on the client computer with the permissions of the user running any multimedia frontend making use of the xine-lib library.
There is no known workaround at this time.
Solution
All xine-lib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose media-libs/xine-lib