FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxine -- array index vulnerability

Affected packages
libxine < 1.1.12


VuXML ID 7a7c5853-10a3-11dd-8eb8-00163e000016
Discovery 2008-04-06
Entry 2008-04-24

xine Team reports:

A new xine-lib version is now available. This release contains a security fix (an unchecked array index that could allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.)


CVE Name CVE-2008-1686