Xine-Lib Removes Vulnerabilities

Apr 02, 2008

The second update of the Xine-Lib video back-end within a month, closes down a number of integer overflows that were described in CVE-2008-1482.

Previously, attackers could craft a video file to take control of the player with user level privileges. Besides the security updates, the release sees the introduction of a number of minor improvements, including reworked memory management tests, a number of plausibility checks for playing WAV files, and improvements to individual decoders.

Debian has responded to the vulnerabilities by releasing new packages that also remove various previous issues. Red Hat classifies the bugs as "known"; we were unable to ascertain any tangible facts on OpenSUSE's handling of the vulnerabilities.

Related content

comments powered by Disqus

Issue 175/2015

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)


njobs Europe
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia