FreeBSD : libxine -- multiple vulnerabilities in VideoCD handling (b6939d5b-64a1-11d9-9106-000a95bc6fae)

high Nessus Plugin ID 19094

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A xine security announcement states :

Several string overflows on the stack have been fixed in xine-lib, some of them can be used for remote buffer overflow exploits leading to the execution of arbitrary code with the permissions of the user running a xine-lib based media application.

Stack-based string overflows have been found :

- in the code which handles VideoCD MRLs

- in VideoCD code reading the disc label

- in the code which parses text subtitles and prepares them for display

Solution

Update the affected package.

See Also

http://www.nessus.org/u?21259b72

http://www.nessus.org/u?58c669bb

Plugin Details

Severity: High

ID: 19094

File Name: freebsd_pkg_b6939d5b64a111d99106000a95bc6fae.nasl

Version: 1.13

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:libxine, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/12/2005

Vulnerability Publication Date: 9/7/2004