FreeBSD : libxine -- multiple vulnerabilities (51d1d428-42f0-11de-ad22-000e35248ad7)

High Nessus Plugin ID 38803


The remote FreeBSD host is missing a security-related update.


Multiple vulnerabilities were fixed in libxine

Tobias Klein reports :

FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.

Note: A similar issue also affects xine-lib < version

xine developers report :

- Fix broken size checks in various input plugins (ref.

- More malloc checking (ref. CVE-2008-5240).


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 38803

File Name: freebsd_pkg_51d1d42842f011dead22000e35248ad7.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2009/05/18

Modified: 2016/12/08

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:libxine, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2009/05/17

Vulnerability Publication Date: 2009/02/15

Reference Information

CVE: CVE-2008-5234, CVE-2008-5240, CVE-2009-0698

CWE: 119, 189