VULHUB ™

Multiple buffer overflow vulnerabilities are reported to exist in the xine and MPlayer utilities. The following issues are reported: Several buffer overflow vulnerabilities are reported to exist in the 'pnm_get_chunk()' function. Reports indicate that the vulnerabilities present themselves in the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG and CONT_TAG handling code of 'pnm_get_chunk()'. A remote attacker may potentially leverage this memory corruption to execute arbitrary code in the context of a user that uses the vulnerable utility to connect to a malicious PNM server. An additional buffer overflow vulnerability is reported to exist in the PNA_TAG handling code of the 'pnm_get_chunk()' function. It is reported that supplied PNA_TAG data is copied into a finite buffer without sufficient boundary checks. This results in memory corruption. A remote attacker may potentially leverage this memory corruption to execute arbitrary code in the context of a user that uses the vulnerable utility...

Multiple buffer overflow vulnerabilities are reported to exist in the xine and MPlayer utilities. The following issues are reported: Several buffer overflow vulnerabilities are reported to exist in the 'pnm_get_chunk()' function. Reports indicate that the vulnerabilities present themselves in the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG and CONT_TAG handling code of 'pnm_get_chunk()'. A remote attacker may potentially leverage this memory corruption to execute arbitrary code in the context of a user that uses the vulnerable utility to connect to a malicious PNM server. An additional buffer overflow vulnerability is reported to exist in the PNA_TAG handling code of the 'pnm_get_chunk()' function. It is reported that supplied PNA_TAG data is copied into a finite buffer without sufficient boundary checks. This results in memory corruption. A remote attacker may potentially leverage this memory corruption to execute arbitrary code in the context of a user that uses the vulnerable utility to connect to a malicious PNM server.