CVE-2008-1161
Published: 10 March 2008
Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.
Notes
Author | Note |
---|---|
jdstrand | note that 1.1.11.1-1ubuntu3 fixed a Matroska regression -- may need both hg.debian.org commits; regression not introduced as part of the security patch |
Priority
Status
Package | Release | Status |
---|---|---|
xine-lib (Launchpad, Ubuntu, Debian) | dapper | Released (1.1.1+ubuntu2-7.9) |
xine-lib | edgy | Ignored (end of life, was needed) |
xine-lib | feisty | Released (1.1.4-2ubuntu3.1) |
xine-lib | gutsy | Released (1.1.7-1ubuntu1.3) |
xine-lib | hardy | Not vulnerable |
xine-lib | upstream | Released (1.1.10.1) |
Patches:
vendor: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a62d6f482a69;style=gitweb
vendor: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=ff20b8db74ea;style=raw
vendor: http://www.debian.org/security/2008/dsa-1536