FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxine -- multiple vulnerabilities

Affected packages
libxine < 1.1.16.2

Details

VuXML ID 51d1d428-42f0-11de-ad22-000e35248ad7
Discovery 2009-02-15
Entry 2009-05-17

Multiple vulnerabilities were fixed in libxine 1.1.16.2.

Tobias Klein reports:

FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.

Note: A similar issue also affects xine-lib < version 1.1.16.2.

xine developers report:

References

CVE Name CVE-2008-5234
CVE Name CVE-2008-5240
CVE Name CVE-2009-0698
URL http://sourceforge.net/project/shownotes.php?release_id=660071
URL http://trapkit.de/advisories/TKADV2009-004.txt