From 62bd6b7c6c3eeb3585bbf2e1d71110115703e4c3 Mon Sep 17 00:00:00 2001
From: Jacques Vidrine
Date: Wed, 12 Jan 2005 14:39:03 +0000
Subject: - Document some older security issues in libxine.
- Cancel VID bef4515b-eaa9-11d8-9440-000347a4fa7d in favor of a more complete, new entry. (A xine security announcement covered the same issue and others.)
- Add references to xine security announcements and iDEFENSE Security Advisories.
---
 security/vuxml/vuln.xml | 161 ++++++++++++++++++++++++++++++++++++------------
 1 file changed, 120 insertions(+), 41 deletions(-)

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 966733ba9b9b..df0ee9c21d0f 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,117 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + libxine -- DVD subpicture decoder heap overflow + + + libxine + 1.0.r6 + + + + +

A xine security announcement states:

+
+

A heap overflow has been found in the DVD subpicture + decoder of xine-lib. This can be used for a remote heap + overflow exploit, which can, on some systems, lead to or + help in executing malicious code with the permissions of the + user running a xine-lib based media application.

+
+ +
+ + http://xinehq.de/index.php/security/XSA-2004-5 + + + 2004-09-06 + 2005-01-12 + +
+ + + libxine -- multiple vulnerabilities in VideoCD handling + + + libxine + 1.0.r21.0.r6 + + + + +

A xine security announcement states:

+
+

Several string overflows on the stack have been fixed in + xine-lib, some of them can be used for remote buffer + overflow exploits leading to the execution of arbitrary code + with the permissions of the user running a xine-lib based + media application.

+

Stack-based string overflows have been found:

+
    +
  1. in the code which handles VideoCD MRLs
  2. +
  3. in VideoCD code reading the disc label
  4. +
  5. in the code which parses text subtitles and prepares + them for display
  6. +
+
+ +
+ + http://xinehq.de/index.php/security/XSA-2004-4 + + + 2004-09-07 + 2005-01-12 + +
+ + + libxine -- multiple buffer overflows in RTSP + + + mplayer + mplayer-gtk + mplayer-gtk2 + mplayer-esound + mplayer-gtk-esound + mplayer-gtk2-esound + 0.99.4 + + + libxine + 1.0.r4 + + + + +

A xine security announcement states:

+
+

Multiple vulnerabilities have been found and fixed in the + Real-Time Streaming Protocol (RTSP) client for RealNetworks + servers, including a series of potentially remotely + exploitable buffer overflows. This is a joint advisory by + the MPlayer and xine teams as the code in question is common + to these projects.

+

Severity: High (arbitrary remote code execution under the + user ID running the player) when playing Real RTSP streams. + At this time, there is no known exploit for these + vulnerabilities.

+
+ +
+ + CAN-2004-0433 + http://xinehq.de/index.php/security/XSA-2004-3 + http://xforce.iss.net/xforce/xfdb/16019 + 10245 + + + 2004-05-25 + 2005-01-12 + +
+ hylafax -- unauthorized login vulnerability @@ -619,10 +730,12 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. CAN-2004-1300 http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt + http://xinehq.de/index.php/security/XSA-2004-7 2004-12-15 2004-12-29 + 2005-01-12 @@ -872,7 +985,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -

iDEFENSE and the MPlayer Team has found multiple +

iDEFENSE and the MPlayer Team have found multiple vulnerabilities in MPlayer:

  • Potential heap overflow in Real RTSP streaming code
  • @@ -891,13 +1004,17 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. CAN-2004-1188 http://mplayerhq.hu/homepage/design7/news.html#mplayer10pre5try2 http://marc.theaimsgroup.com/?l=bugtraq&m=110322526210300 + http://www.idefense.com/application/poi/display?id=166 http://marc.theaimsgroup.com/?l=bugtraq&m=110322829807443 + http://www.idefense.com/application/poi/display?id=167 http://marc.theaimsgroup.com/?l=bugtraq&m=110323022605345 + http://www.idefense.com/application/poi/display?id=168 + http://xinehq.de/index.php/security/XSA-2004-6 2004-12-10 2004-12-21 - 2004-12-29 + 2005-01-12 @@ -6370,45 +6487,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - xine -- vcd URL buffer overflow - - - libxine - 1.0.r5_2 - - - - -

    c0ntex[at]open-security.org reports a buffer overflow in - xine's handling of vcd:// URLs:

    -
    -

    Like the excellent Mplayer, Xine is a superb free media - player for Linux. Sadly there is a generic stack based - buffer overflow in all versions of Xine-lib, including - Xine-lib-rc5 that allows for local and remote malicious - code execution.

    -

    By overflowing the vcd:// input source identifier buffer, - it is possible to modify the instruction pointer with a - value that a malicious attacker can control. The issue - can be replicated in a remote context by embedding the - input source idientifier within a playlist file, such as - an asx. When a user plays the file, this stack overflow - will occur, exploit code can then be executed with the - rights of the user running Xine.

    -
    - -
    - - http://www.open-security.org/advisories/6 - http://cvs.sourceforge.net/viewcvs.py/xine/xine-vcdnav/input/xineplug_inp_vcd.c#rev1.109 - http://secunia.com/advisories/12194 - http://sourceforge.net/mailarchive/forum.php?thread_id=5143955&forum_id=11923 - http://www.osvdb.org/8409 - - - 2004-07-18 - 2004-08-23 - +
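Review bot: two of the topic lines added in the first hunk are narrower than what their entries cover. The RTSP entry is titled "libxine -- multiple buffer overflows in RTSP", yet its affected list opens with mplayer, mplayer-gtk, mplayer-gtk2 and the esound variants, and the quoted text calls it a joint advisory by the MPlayer and xine teams; naming both projects in the topic would let someone scanning topics for mplayer find it. Likewise "libxine -- multiple vulnerabilities in VideoCD handling" quotes three stack overflows, the third of which is in the code that parses text subtitles rather than in VideoCD code, so a topic that mentions the subtitle parser as well (or simply "multiple stack buffer overflows") would match the body.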
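Review bot: in the last hunk the cancelled vcd:// entry takes its references with it (open-security.org advisory 6, the xineplug_inp_vcd.c rev1.109 link, Secunia 12194, the sourceforge.net mail archive thread and OSVDB 8409), while the new VideoCD entry that replaces it cites only XSA-2004-4. Carrying those references over to the new entry would keep the original report and the fix revision reachable from the live record. The version bound also moves from 1.0.r5_2 in the removed entry to 1.0.r6 in the new one, and the discovery date from 2004-07-18 to 2004-09-07. Since the commit message says the announcement covers the same issue, it is worth confirming that the wider bound is intended and keeping the earlier date for the vcd:// overflow.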
    -- cgit v1.2.3