Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-3329

Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file.

Related bugs and status

CVE-2007-3329 (Candidate) is related to these bugs:

Bug #306399: New upstream version available (1.2.2)

Summary				In	Importance	Status
	306399	New upstream version available (1.2.2)		xvidcore (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 24561
SECUNIA: 25711
CONFIRM: http://bugs.gentoo.org...
CONFIRM: http://cvs.xvid.org/cv...
GENTOO: GLSA-200708-02
SECUNIA: 26353
OSVDB: 37728
CONFIRM: http://cvs.xvid.org/cv...
XF: xvid-getintrablock-cod...