PublicDate: 2008-04-17 22:05:00 UTC
Candidate: CVE-2008-1878
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
 https://ubuntu.com/security/notices/USN-635-1
Description:
 Stack-based buffer overflow in the demux_nsf_send_chunk function in
 src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote
 attackers to cause a denial of service (crash) and possibly execute
 arbitrary code via a long NSF title.
Ubuntu-Description:
Notes:
 jdstrand> PoC http://www.milw0rm.com/exploits/5458
Bugs:
 https://bugs.launchpad.net/bugs/235904
Priority: medium
Discovered-by: Guido Landi 
Assigned-to: jdstrand
CVSS: 

Patches_xine-lib:
 vendor: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
upstream_xine-lib: released (1.1.14)
dapper_xine-lib: released (1.1.1+ubuntu2-7.9)
feisty_xine-lib: released (1.1.4-2ubuntu3.1)
gutsy_xine-lib: released (1.1.7-1ubuntu1.3)
hardy_xine-lib: released (1.1.11.1-1ubuntu3.1)
devel_xine-lib: not-affected (1.1.14-1ubuntu1)