Red Hat Bugzilla – Bug 431541
CVE-2008-0486 xine-lib / mplayer: array indexing vulnerability in FLAC parsing code
Last modified: 2008-04-24 07:47:05 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0486 to the following vulnerability:
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer
1.0rc2 and SVN before r25917, and possibly earlier versions, as used
in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary
code via a crafted FLAC tag, which triggers a buffer overflow.
Patch in mplayer SVN:
For xine-lib, affected code seems to live in open_flac_file() in
src/demuxers/demux_flac.c. This does not seem to be fixed in xine-lib's HG yet.
Upstream contacted: http://bugs.xine-project.org/show_bug.cgi?id=38
News section on upstream page has:
08.02.2008 xine-lib 18.104.22.168
A new xine-lib version is now available. This release contains a security fix
(array index vulnerability which may lead to a stack buffer overflow,
CVE-2008-0486). There are also two minor bug fixes.
xine-lib-22.214.171.124-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
xine-lib-126.96.36.199-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: