CVE-2008-1878
Published: 17 April 2008
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
Notes
Author | Note |
---|---|
jdstrand | PoC http://www.milw0rm.com/exploits/5458 |
Priority
Status
Package | Release | Status |
---|---|---|
xine-lib Launchpad, Ubuntu, Debian |
dapper |
Released
(1.1.1+ubuntu2-7.9)
|
feisty |
Released
(1.1.4-2ubuntu3.1)
|
|
gutsy |
Released
(1.1.7-1ubuntu1.3)
|
|
hardy |
Released
(1.1.11.1-1ubuntu3.1)
|
|
upstream |
Released
(1.1.14)
|
|
Patches: vendor: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html |