Multiple heap overflows in xine-lib - Slackware

This is a discussion on Multiple heap overflows in xine-lib - Slackware ; http://www.securityfocus.com/archive/1/489894 xine-lib-1.1.11 is available and not affected by this advisory....

+ Reply to Thread
Results 1 to 3 of 3

Thread: Multiple heap overflows in xine-lib

  1. Multiple heap overflows in xine-lib

    http://www.securityfocus.com/archive/1/489894

    xine-lib-1.1.11 is available and not affected by this advisory.

  2. Re: Multiple heap overflows in xine-lib

    On 2008-03-20, Dave Uhring wrote:
    > http://www.securityfocus.com/archive/1/489894
    >
    > xine-lib-1.1.11 is available and not affected by this advisory.



    According to a mail on bugtraq, 1.1.11 does have issues:

    Application: xine-lib
    http://xinehq.de
    Versions: <= 1.1.11
    Platforms: Linux, *BSD, Solaris, Irix, MacOSX, Windows and others
    Bugs: A] heap-overflow in demux_flv
    B] heap-overflow in demux_qt
    C] heap-overflow in demux_real
    D] heap-overflow in demux_wc3movie
    E] heap-overflow in ebml
    F] heap-overflow in demux_film
    Exploitation: local
    Date: 20 Mar 2008
    Author: Luigi Auriemma


    Wonder how much will break with this update?

    -RW

  3. Re: Multiple heap overflows in xine-lib

    On Sun, 23 Mar 2008 18:06:43 +0000, Robby Workman wrote:

    > On 2008-03-20, Dave Uhring wrote:
    >> http://www.securityfocus.com/archive/1/489894
    >>
    >> xine-lib-1.1.11 is available and not affected by this advisory.

    >
    >
    > According to a mail on bugtraq, 1.1.11 does have issues:
    >
    > Application: xine-lib
    > http://xinehq.de
    > Versions: <= 1.1.11


    You are correct. I failed to notice that <= sign fully.

    > Wonder how much will break with this update?


    For the time being I'm using mplayer, updated every week or so with svn.


+ Reply to Thread