VULHUB ™

Two buffer overflows are reported to exist in Xine-lib. These issues are exploitable through malicious VideoCDs or subtitle text content, and may allow for the execution of arbitrary code in the context of the user invoking Xine. Attackers can overwrite critical memory structures and return addresses in order to control the flow of execution of the application. The first vulnerability presents itself when the affected application attempts to read malicious ISO disk labels from VideoCDs. The second vulnerability presents itself when the affected application attempts to parse malicious text subtitle data. Xine-lib versions 1-rc2 though 1-rc5 are reported vulnerable to these issues.

Two buffer overflows are reported to exist in Xine-lib. These issues are exploitable through malicious VideoCDs or subtitle text content, and may allow for the execution of arbitrary code in the context of the user invoking Xine. Attackers can overwrite critical memory structures and return addresses in order to control the flow of execution of the application. The first vulnerability presents itself when the affected application attempts to read malicious ISO disk labels from VideoCDs. The second vulnerability presents itself when the affected application attempts to parse malicious text subtitle data. Xine-lib versions 1-rc2 though 1-rc5 are reported vulnerable to these issues.