CVE-2006-1664: Malformed MPEG Stream Buffer Overflow Vulnerability

Bug #41447 reported by Reinhard Tartler
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| xine-lib (Debian) | Fix Released | Unknown | | |
| xine-lib (Ubuntu) | Invalid | High | Martin Pitt | |

Bug Description

According to CVE-2006-1664, there is a "buffer overflow in
xine_list_delete_current in libxine 1.14 and earlier, as distributed
in xine-lib 1.1.1 and earlier, allows remote attackers to execute
arbitrary code via a crafted MPEG stream."

William Grant (wgrant) wrote :

Security-related, so it should be major. Also note that the upstream bug number is wrong. It's #363127, not #363127. The correct link is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363127.

Changed in xine-lib:
status: Unconfirmed → Confirmed
William Grant (wgrant) wrote :

Oops, the bug number should be #363127, not ##363127.

Reinhard Tartler (siretart) wrote :

link to debian bug #363127 was wrong

Matt Zimmerman (mdz)
Changed in xine-lib:
assignee: nobody → pitti
Changed in xine-lib:
status: Unconfirmed → Fix Released
Martin Pitt (pitti) wrote :

I tried to reproduce this without success a while ago. Debian closed the bug due to unreproducibility, too. So I'm going to do the same until someone has further information.

Changed in xine-lib:
status: Confirmed → Rejected