Ubuntu
xine-lib package

[CVE-2008-1878] Inadequate bounds checking in the NES Sound Format (NSF) demuxer

Bug #235904 reported by Till Ulen
252
Affects Status Importance Assigned to Milestone
xine-lib (Baltix)
New
Undecided
Unassigned
xine-lib (Ubuntu)
Fix Released
Undecided
Reinhard Tartler

Bug Description

CVE-2008-1878 description:

"Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1878
http://www.debian.org/security/2008/dsa-1586

Related branches

lp:ubuntu/karmic/xine-lib

CVE References

Revision history for this message
Mantas Kriaučiūnas (mantas) wrote : Re: [CVE-2008-1878] Inadequate bounds checking in the NES Sound Format (NSF) demuxer - please update xine-lib to 1.1.13

Please update xine-lib to 1.1.13 - this will solve several important bugs, like:
* [CVE-2008-1878] Inadequate bounds checking in the NES Sound Format (NSF) demuxer
* Ubuntu bug #93076 - important display bug with Motion JPEG video's (such videos are produced by most photo cameras)

I'm pasting important info from xine-lib to 1.1.13 Release Notes:

Maintenance & security-fix release.
Changes:
* Security fixes:
  - Buffer overflow in the NSF demuxer which may allow remote attackers to
    cause a denial of service (crash) or possibly execute arbitrary code
    via an NSF file with a long title or copyright message. (CVE-2008-1878)
  - For extra safety against possible Integer overflows like the ones found
    in CVE-2008-1482, backport more calloc usage from 1.2 branch.
* Added MIME types and .mpp for musepack.
* Fixed display of some MJPEG streams (YUVJ420P).
* Provide a useful implementation of xine_register_log_cb().
* New version of the JACK output plugin.

See http://sourceforge.net/project/shownotes.php?release_id=606977&group_id=9655 for full release notes

Revision history for this message
Reinhard Tartler (siretart) wrote :

New upstream (1.1.14) fixing this issue is prepared.

Changed in xine-lib:
assignee: nobody → siretart
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xine-lib - 1.1.14-1ubuntu1

---------------
xine-lib (1.1.14-1ubuntu1) intrepid; urgency=low

  * merge from debian unstable. Remaining changes:
    - disable the jack plugin
      in libxine1-bin to make dapper->hardy upgrades work (LP #203605)
    - Modify Maintainer value to match the DebianMaintainerField
      specification.
  * New upstream fixes:
    - playback of MJPEG files LP: #93076
    - CVE-2008-1878 LP: #235904
    - CVE-2008-1686 LP: #218652
  * remove Replaces: libxine-main1 (<< 1.1.2+repacked1-0ubuntu1). We don't
    support upgrades from dapper/feisty anymore.

xine-lib (1.1.14-1) unstable; urgency=low

  * The "beat the freeze" release.
  * New upstream release.
    - All patches in 1.1.12-2 are present upstream.
    - MIME types added. (Closes: #472869)
  * Build-depend on libmagick9-dev | libmagick-dev | libmagickwand-dev.
  * Build-depend on ghostscript | gs | gs-gpl.

 -- Reinhard Tartler <email address hidden> Tue, 08 Jul 2008 22:35:48 +0200

Changed in xine-lib:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.