SECUNIA ADVISORY ID: SA23218

VERIFY ADVISORY: http://secunia.com/advisories/23218/

CRITICAL: Highly critical

IMPACT: DoS, System access

SOFTWARE: xine-lib 1.x - http://secunia.com/product/3410/

DESCRIPTION: Some vulnerabilities have been reported in xine-lib, which potentially can be exploited by malicious people to compromise a user's system. Successful exploitation may allow the execution of arbitrary code. The vulnerabilities are reported in versions prior to 1.1.3.

1) A vulnerability is caused due to a boundary error within the "real_parse_sdp()" function in src/input/libreal/real.c. This can be exploited to cause a buffer overflow by e.g. tricking a user into connecting to a malicious server.

2) A buffer overflow exists in the libmms library. For more information: SA20749

SOLUTION: Update to version 1.1.3.

PROVIDED AND/OR DISCOVERED BY: 1) Roland Kay

ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?release_id=468432
http://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655

OTHER REFERENCES: SA20749: http://secunia.com/advisories/20749/