An open security advisory #6 - Xine vcd MRL input identifier management overflow

vendor:

Xine

by:

c0ntex

5.5

CVSS

MEDIUM

Buffer Overflow

CWE

Product Name: Xine

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Linux, UNIX

2004

An open security advisory #6 – Xine vcd MRL input identifier management overflow

There is a generic stack-based buffer overflow in all versions of Xine-lib, including Xine-lib-rc5, that allows for local and remote malicious code execution. By overflowing the vcd:// input source identifier buffer, it is possible to modify the instruction pointer with a value that a malicious attacker can control.

Mitigation:

Patch the Xine-lib to fix the buffer overflow vulnerability.

Source

An open security advisory #6 – Xine vcd MRL input identifier management overflow

Mitigation:

Exploit-DB raw data: