FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxine -- multiple vulnerabilities in VideoCD handling

Affected packages
1.0.r2 <= libxine < 1.0.r6


VuXML ID b6939d5b-64a1-11d9-9106-000a95bc6fae
Discovery 2004-09-07
Entry 2005-01-12

A xine security announcement states:

Several string overflows on the stack have been fixed in xine-lib, some of them can be used for remote buffer overflow exploits leading to the execution of arbitrary code with the permissions of the user running a xine-lib based media application.

Stack-based string overflows have been found:

  1. in the code which handles VideoCD MRLs
  2. in VideoCD code reading the disc label
  3. in the code which parses text subtitles and prepares them for display