Ravens PHP Scripts

xine-lib libreal and libmms Buffer Overflow Vulnerabilities
Date: Tuesday, December 05, 2006 @ 10:43:32 CST
Topic: Security


SECUNIA ADVISORY ID: SA23218

VERIFY ADVISORY: http://secunia.com/advisories/23218/

CRITICAL: Highly critical

IMPACT: DoS, System access

SOFTWARE: xine-lib 1.x - http://secunia.com/product/3410/

DESCRIPTION: Some vulnerabilities have been reported in xine-lib, which can potentially be exploited by malicious people to compromise a user's system. Successful exploitation may allow the execution of arbitrary code. The vulnerabilities are reported in versions prior to 1.1.3.




1) A boundary error within the "real_parse_sdp()" function in src/input/libreal/real.c can be exploited to cause a buffer overflow, e.g. by tricking a user into connecting to a malicious server.

2) A buffer overflow exists in the libmms library. For more information: SA20749

SOLUTION: Update to version 1.1.3.

PROVIDED AND/OR DISCOVERED BY: 1) Roland Kay

ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?release_id=468432
http://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655

OTHER REFERENCES: SA20749: http://secunia.com/advisories/20749/
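
A way to check a host against the affected range stated above (xine-lib 1.x prior to 1.1.3). This is an added example, not part of the Secunia advisory or the xine project. It assumes the library's version is reported by `pkg-config --modversion libxine` or `xine-config --version`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag xine-lib 1.x installs older than the fixed release.
FIXED="1.1.3"   # version named in the advisory's SOLUTION line

# Reduce package-style strings ("1.1.2-r2", "v1.1.2+dfsg") to dotted digits.
normalize() {
    printf '%s\n' "$1" | sed 's/^[^0-9]*//; s/[^0-9.].*$//'
}

# version_lt A B: succeed when A is strictly older than B. Fields are compared
# numerically, so 1.1.10 is newer than 1.1.3 (a plain string sort gets this wrong).
version_lt() {
    a=$(normalize "$1"); b=$(normalize "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# xine_affected VERSION: succeed only for 1.x versions prior to 1.1.3,
# which is the range the advisory covers.
xine_affected() {
    v=$(normalize "$1")
    case $v in
        1|1.*) version_lt "$v" "$FIXED" ;;
        *) return 1 ;;
    esac
}

# Assumption: one of these two tools is on PATH where xine-lib is installed.
installed_version() {
    pkg-config --modversion libxine 2>/dev/null || xine-config --version 2>/dev/null
}

audit() {
    ver=$(installed_version) || { echo "xine-lib not found"; return 2; }
    if xine_affected "$ver"; then
        echo "xine-lib $ver: AFFECTED (SA23218), update to $FIXED"
        return 1
    fi
    echo "xine-lib $ver: outside the affected range"
}

if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run the script with `--audit` to query the local install. Applications that bundle their own copy of xine-lib are not seen by this check and need to be inspected separately.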







The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2534