FreeBSD : libxine -- multiple vulnerabilities in VideoCD handling (b6939d5b-64a1-11d9-9106-000a95bc6fae)
High Nessus Plugin ID 19094
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionA xine security announcement states :
Several string overflows on the stack have been fixed in xine-lib, some of them can be used for remote buffer overflow exploits leading to the execution of arbitrary code with the permissions of the user running a xine-lib based media application.
Stack-based string overflows have been found :
- in the code which handles VideoCD MRLs
- in VideoCD code reading the disc label
- in the code which parses text subtitles and prepares them for display
SolutionUpdate the affected package.