FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxine -- buffer overflow vulnerability

Affected packages
libxine < 1.1.1_6

Details

VuXML ID 107e2ee5-f941-11da-b1fa-020039488e34
Discovery 2006-05-31
Entry 2006-06-11

A Secunia Advisory reports:

Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system.

The weakness is cause due to a heap corruption within the "xineplug_inp_http.so" plugin when handling an overly large reply from the HTTP server. This can be exploited to crash an application that uses the plugin (e.g. gxine).

[source]

References

Bugtraq ID 18187
CVE Name CVE-2006-2802
URL http://secunia.com/advisories/20369

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.