PublicDate: 2008-02-29 19:44:00 UTC
Candidate: CVE-2008-1110
References:
 https://ubuntu.com/security/notices/USN-635-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1110
Description:
 Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the
 xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote
 attackers to execute arbitrary code or cause a denial of service (crash)
 via a crafted ASF header. NOTE: this issue leads to a crash when an attack
 uses the CVE-2006-1664 exploit code, but it is different from
 CVE-2006-1664.
Ubuntu-Description:
Notes:
 jdstrand> according to http://xinehq.de/index.php/security, 1.1.2 and earlier are not affected
 jdstrand> PoC http://milw0rm.com/exploits/1641
Bugs:
Priority: medium
Discovered-by:
Assigned-to: jdstrand
CVSS:
Patches_xine-lib:
 debian: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=fb6d089b520dca199ef16a046da28c50c984c2d2;style=gitweb
upstream_xine-lib: released (1.1.10)
dapper_xine-lib: not-affected (1.1.1+ubuntu2-7.7)
edgy_xine-lib: needed (reached end-of-life)
feisty_xine-lib: released (1.1.4-2ubuntu3.1)
gutsy_xine-lib: released (1.1.7-1ubuntu1.3)
hardy_xine-lib: not-affected
devel_xine-lib: not-affected