Multiple buffer overflow flaws were discovered in xine-lib.
The vulnerabilities are caused due to integer overflow errors when
allocating memory in src/demuxers/demux_flv.c,
src/demuxers/demux_wc3movie.c, src/demuxers/ebml.c, and
src/demuxers/demux_film.c. These can be exploited to cause heap-based
buffer overflows via overly large fields included in e.g. FLV, MOV,
RM, MVE, MKV, and CAK files.
See original advisory for details:
FWIW, they should _all_ be fixed in 1.2 series, I suppose backporting the
relevant changes, if possible, would solve the issue. 1.2 makes good use of
calloc rather than using malloc directly.
CVE name was requested.
I'm working on updating F-8+ to 22.214.171.124 which should fix this issue.
xine-lib-126.96.36.199-1.fc8 has been submitted as an update for Fedora 8
xine-lib-188.8.131.52-1.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update xine-lib'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-2849
FWIW, it was not my intention to push this to testing but directly to stable,
but once again I could not convince Bodhi to do that.
xine-lib-184.108.40.206-1.fc7 has been submitted as an update for Fedora 7
xine-lib-220.127.116.11-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
xine-lib-18.104.22.168-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.