GLSA-200604-16 : xine-lib: Buffer overflow vulnerability
High Nessus Plugin ID 21298
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200604-16 (xine-lib: Buffer overflow vulnerability).
Federico L. Bossi Bonin discovered that, when handling MPEG streams, xine-lib fails to properly check the bounds of user-supplied input data before copying it into an insufficiently sized memory buffer.
A remote attacker could entice a user to play a specially crafted MPEG file, resulting in the execution of arbitrary code with the permissions of the user running the application.
There is no known workaround at this time.
Solution
All xine-lib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.2_pre20060328-r1'