Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0486 to the following vulnerability:
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
References:
http://www.securityfocus.com/archive/1/archive/1/487501/100/0/threaded
http://www.coresecurity.com/?action=item&id=2103
http://www.securityfocus.com/bid/27441
Patch in mplayer SVN:
http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/demux_audio.c?r1=25911&r2=25917
For xine-lib, affected code seems to live in open_flac_file() in src/demuxers/demux_flac.c. This does not seem to be fixed in xine-lib's HG yet.
Upstream contacted: http://bugs.xine-project.org/show_bug.cgi?id=38
News section on upstream page has:
08.02.2008 xine-lib 1.1.10.1
A new xine-lib version is now available. This release contains a security fix (array index vulnerability which may lead to a stack buffer overflow, CVE-2008-0486). There are also two minor bug fixes.
xine-lib-1.1.10.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
xine-lib-1.1.10.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1581
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-1543