• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Xine-lib DVD Subpicture Decoder Heap Overflow Vulnerability

Solution:
The vulnerability is eliminated in version 1-rc6. The author has also made a source-code patch available:

http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libspudec/spu.c?r1=1.77&r2=1.78&diff_format=u

Please see the referenced vendor advisories for more information.


xine xine-lib 1-rc2

• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine-lib 1-rc3a

• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine-lib 1-rc5

• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine-lib 1-rc3b

• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine 1-rc2

• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine 1-rc3b

• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine 1-rc3a

• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine-lib 1-rc4

• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine 1-rc3

• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine-lib 1-rc3c

• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine 1-rc4

• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine-lib 1-rc3

• Mandrake lib64xine1-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64xine1-devel-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-aa-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-arts-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-arts-1-0.rc3.6.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-dxr3-1-0.rc3.6.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-esd-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-esd-1-0.rc3.6.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-flac-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-flac-1-0.rc3.6.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-gnomevfs-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-gnomevfs-1-0.rc3.6.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-plugins-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-plugins-1-0.rc3.6.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine 1-rc5

• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d