In association with heise online

05 December 2006, 16:09

Update fixes critical vulnerability in Xine libraries


Users of the open source media player Xine should update their program libraries: xine-lib versions prior to 1.1.3 contain a security vulnerability that could allow an attacker to plant malware on a computer via media files. Other players besides Xine use the same libraries. The vulnerability is in the asmrp_eval function in the Real Media input plugin (src/input/libreal/real.c) and is a buffer overflow triggered by too many entries in the rulebook of a stream. A rulebook contains settings such as information on the filters to be used during playback. A server could send crafted rulebooks to a client.

In addition, the latest version of xine-lib fixes an old vulnerability in the libmms library, which processes Microsoft's streaming protocol. This vulnerability could also be exploited to inject and execute code. The Linux distributor Ubuntu has already released a patch, and other suppliers are expected to follow suit shortly.
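The class of bug described for asmrp_eval, a fixed-size array filled from a server-supplied rulebook, is closed by passing the array's capacity to the evaluator and checking it before every store. The following is an added illustration, not xine-lib's code: the function names, the ';'-separated rulebook format and the limit of 16 are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_MATCHES 16 /* constructed limit, not xine-lib's value */

/* Hypothetical, simplified evaluator: the rulebook is a ';'-separated list
 * and every non-empty entry is recorded as a match by its index. Returns the
 * number of matches stored, or -1 if there are more entries than `cap`. */
int eval_rulebook(const char *rulebook, int *matches, size_t cap)
{
    size_t n = 0;
    int rule = 0;
    const char *p = rulebook;

    while (*p) {
        const char *end = strchr(p, ';');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > 0) {
            /* The unchecked form is a bare matches[n++] = rule; here the
             * count is compared with the capacity before every store. */
            if (n >= cap)
                return -1;
            matches[n++] = rule;
        }
        rule++;
        p += len;
        if (*p == ';')
            p++;
    }
    return (int)n;
}

/* Constructed input: a rulebook with 40 entries, more than MAX_MATCHES. */
int eval_oversized(void)
{
    char book[128] = "";
    int matches[MAX_MATCHES];
    for (int i = 0; i < 40; i++)
        strcat(book, "r;");
    return eval_rulebook(book, matches, MAX_MATCHES);
}

int main(void)
{
    int m[MAX_MATCHES];
    printf("small: %d\n", eval_rulebook("a;b;c", m, MAX_MATCHES));
    printf("oversized: %d\n", eval_oversized());
    return 0;
}
```

A caller that receives -1 should reject the stream rather than continue with a truncated match list.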
