Description: Federico L. Bossi Bonin has reported a vulnerability in xine-lib, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is cause due to a boundary error within the handling of MPEG streams. This can be exploited to cause a buffer overflow and may allow arbitrary code execution via a specially-crafted MPEG file.
The vulnerability has been reported in libxine 1.14 that is distributed in xine-lib 1.1.1. Other versions may also be affected.
Solution: Update to version 1.1.10.
Provided and/or discovered by: Federico L. Bossi Bonin
Changelog: 2008-01-29: Updated "Solution" section.
2008-03-17: Added CVE reference.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
