FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxine -- array index vulnerability

Affected packages
libxine < 1.1.12

Details

VuXML ID 7a7c5853-10a3-11dd-8eb8-00163e000016
Discovery 2008-04-06
Entry 2008-04-24

xine Team reports:

A new xine-lib version is now available. This release contains a security fix (an unchecked array index that could allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.)

[source]

References

CVE Name CVE-2008-1686
URL http://www.xinehq.de/index.php/news

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.