xine-lib media library slips up when streaming
A security vulnerability in the open source xine-lib library has been reported by Luigi Auriemma. It can be exploited by attackers using crafted Real Time Streaming Protocol (RTSP) data streams to inject malicious code. An update from the Xine development team is not yet available.
The rmff_dump_header function in the input/libreal/rmff.c file fails to take account of the header length when processing streams, which can result in a buffer overflowing on the heap. This can lead to execution of injected code.
The Xine development team only released the current version of the library on Sunday. No fix is available at the time of publication. Media players based on xine-lib such as totem and kaffeine are also affected. Until an update is available from Linux distributors, users should avoid opening RTSP data streams using xine-lib. The mplayer project also uses files from the Xine project, but its developers have incorporated length checking, making it unaffected by the flaw.
- heap overflow in rmff_dump_header, security advisory from Luigi Auriemma