Description: Guido Landi has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the "demux_nsf_send_chunk()" function in src/demuxers/demux_nsf.c. This can be exploited to cause a stack-based buffer overflow via an overly long NSF title.
The vulnerability is confirmed in version 1.1.12. Other versions may also be affected.
Solution: Do not open process untrusted files with xine-lib.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
