November 14, 2009

Mandriva Linux Security Advisory 2009:299: xine-lib

Vulnerabilities have been discovered and corrected in xine-lib:

- Integer overflow in the qt_error parse_trak_atom function in
demuxers/demux_qt.c in xine-lib and earlier allows remote
attackers to execute arbitrary code via a Quicktime movie file with a
large count value in an STTS atom, which triggers a heap-based buffer
overflow (CVE-2009-1274)

- Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c)
in xine-lib allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a 4X movie
file with a large current_track value, a similar issue to CVE-2009-0385

This update fixes these issues...

Read More

Click Here!