In association with heise online

17 April 2008, 15:37

Another critical vulnerability in xine-lib


The xine-lib development team has only just released version 1.1.12, which fixed multiple security vulnerabilities, and already a demo of another vulnerability in the multimedia library has turned up. The newly disclosed vulnerability can be exploited by attackers to inject and execute arbitrary code.

The vulnerability is in src/demuxers/demux_nsf.c, the demultiplexer used for processing NES sound format (NSF) files. It copies NSF song titles into a fixed-size buffer without any length checking.

xine-lib does not rely on file extensions to determine file content and select the appropriate filter for decoding. Crafted NSF files can therefore have extensions such as .mp3, as used by the demo exploit found on milw0rm. Users of xine-lib-based media players such as Totem and Kaffeine should only open files from trusted sources, even when using the latest version 1.1.12.
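The two points above (content-based format detection and an unchecked title copy) can be illustrated with a bounded title extraction. This is an added example, not xine-lib source: the function names, the 100-byte output buffer and the "song N/M" display string are assumptions, while the 128-byte header, the `NESM\x1A` magic and the 32-byte song-name field at offset 0x0E come from the NSF format itself.

```c
#include <stdio.h>
#include <string.h>

#define NSF_HEADER_SIZE 0x80 /* fixed 128-byte NSF header */
#define NSF_TITLE_OFF   0x0E /* song-name field */
#define NSF_TITLE_LEN   32   /* field width; may lack a NUL terminator */

/* Identify the format from content, never from the file name. */
int is_nsf(const unsigned char *buf, size_t len)
{
    return len >= NSF_HEADER_SIZE && memcmp(buf, "NESM\x1A", 5) == 0;
}

/* Hypothetical helper: writes "<title>, song cur/total" into out.
 * Returns 0 on success, -1 if the input is not NSF or out is too small. */
int nsf_format_title(const unsigned char *hdr, size_t len, int cur, int total,
                     char *out, size_t out_size)
{
    char name[NSF_TITLE_LEN + 1];
    int n;

    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (!is_nsf(hdr, len))
        return -1;
    /* Unsafe pattern to avoid: strcpy()/sprintf() straight from the header
     * into a fixed buffer, trusting the file to supply a terminator. */
    memcpy(name, hdr + NSF_TITLE_OFF, NSF_TITLE_LEN);
    name[NSF_TITLE_LEN] = '\0';
    n = snprintf(out, out_size, "%s, song %d/%d", name, cur, total);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0'; /* reject rather than silently truncate */
        return -1;
    }
    return 0;
}

int main(void)
{
    unsigned char hdr[NSF_HEADER_SIZE]; /* constructed sample header */
    char out[100];

    memset(hdr, 'A', sizeof hdr);       /* title field has no terminator */
    memcpy(hdr, "NESM\x1A", 5);
    if (nsf_format_title(hdr, sizeof hdr, 1, 3, out, sizeof out) == 0)
        puts(out);
    return 0;
}
```

The title is copied with an explicit length and terminated locally, so neither a missing NUL in the file nor an undersized destination can write past the buffer.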
