FreeBSD : libxine -- multiple vulnerabilities (51d1d428-42f0-11de-ad22-000e35248ad7)
High Nessus Plugin ID 38803
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionMultiple vulnerabilities were fixed in libxine 184.108.40.206.
Tobias Klein reports :
FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.
Note: A similar issue also affects xine-lib < version 220.127.116.11.
xine developers report :
- Fix broken size checks in various input plugins (ref.
- More malloc checking (ref. CVE-2008-5240).
SolutionUpdate the affected package.