xine-lib libreal og libmms buffer overflows - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

xine-lib libreal og libmms buffer overflows

Secunia Advisory:	SA23218
Udsendt:	2006-12-05

Kritisk:	Meget kritisk
Betydning:	DoS Systemadgang
Hvor:	Fra Internet
Løsning Status:	Producent Patch

Software:	xine-lib 1.x

CVE reference:	CVE-2006-2200 (Secunia mirror) CVE-2006-6172 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Beskrivelse: Der er rapporteret nogle sårbarheder i xine-lib, som potentielt kan udnyttes af ondsindede personer til at kompromittere en brugers system. 1) En ikke-kontrolleret buffer i "real_parse_sdp()" funktionen i src/input/libreal/real.c kan udnyttes til at forårsage et buffer overflow ved f.eks. at lokke en bruger til at forbinde til en ondsindet server. 2) En ikke-kontrolleret buffer i libmms-biblioteket kan udnyttes til at forårsage et buffer overflow. Yderligere information: SA20749 Succesfuld udnyttelse kan muliggøre eksekvering af vilkårlig kode. Sårbarhederne er rapporteret i versioner tidligere end 1.1.3. Løsning: Opdater til version 1.1.3. Rapporteret af / Kredit: 1) Roland Kay Original Advisory: http://sourceforge.net/project/shownotes.php?release_id=468432 http://sourceforge.net/tracker/index....458&group_id=9655&atid=109655 Andre Kilder: SA20749: http://secunia.com/advisories/20749/



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

14 Relaterede Secunia Advisories, displaying 10

1. xine-lib SDP-attributter buffer overflows

2. xine-lib to buffer overflow sårbarheder

3. xine-lib FFmpeg flere buffer overflow sårbarheder

4. xine-lib HTTP-besvarelse heap-korrumpering

5. xine-lib MPEG stream-håndtering buffer overflow

6. xine-lib FFmpeg libavcodec buffer overflow

7. xine-lib CDDB klient strengformatteringssårbarhed

8. xine-lib RTSP- og MMS-streams buffer overflow sårbarheder

9. xine-lib "open_aiff_file()" buffer overflow

10. xine-lib PNM og Real RTSP-klient sårbarheder

Vis alle relaterede advisories

Send Feedback to Secunia

Hvis du har ny information angående dette Secunia advisory eller et produkt i vores database, så send det venligst til os. Du kan sende det til os enten ved at bruge vores web formular eller ved at sende det til vuln@secunia.com. Ideer, foreslag og andet feedback er også meget velkommen.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Apple Safari Cross-Domain Cookie Injection Vulnerability

2.	YouTube Blog Multiple Vulnerabilities

3.	dnsmasq Denial of Service and DNS Cache Poisoning

4.	Moodle Script Insertion and Cross-Site Request Forgery

5.	Asterisk Two Denial of Service Vulnerabilities

6.	IPCop update for various packages

7.	SocialEngine SQL Injection and Code Execution

8.	Geeklog Forum Plugin Search Cross-Site Scripting Vulnerability

9.	Ubuntu update for dnsmasq

10.	Claroline Multiple Cross-Site Scripting Vulnerabilities