blob: ec0416845f4d9d77093ff3c5c4f691f8c8f52025 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200510-08">
<title>xine-lib: Format string vulnerability</title>
xine-lib contains a format string error in CDDB response handling that may
be exploited to execute arbitrary code.
<product type="ebuild">xine-lib</product>
<announced>October 08, 2005</announced>
<revised>October 08, 2005: 01</revised>
<package name="media-libs/xine-lib" auto="yes" arch="*">
<unaffected range="ge">1.1.0-r5</unaffected>
<unaffected range="rge">1.0.1-r4</unaffected>
<unaffected range="rge">1_rc8-r2</unaffected>
<vulnerable range="lt">1.1.0-r5</vulnerable>
xine-lib is a multimedia library which can be utilized to create
multimedia frontends. It includes functions to retrieve information
about audio CD contents from public CDDB servers.
Ulf Harnhammar discovered a format string bug in the routines
handling CDDB server response contents.
<impact type="normal">
An attacker could submit malicious information about an audio CD
to a public CDDB server (or impersonate a public CDDB server). When the
victim plays this CD on a multimedia frontend relying on xine-lib, it
could end up executing arbitrary code.
There is no known workaround at this time.
All xine-lib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose media-libs/xine-lib</code>
<uri link="">CAN-2005-2967</uri>
<metadata tag="submitter" timestamp="Fri, 07 Oct 2005 11:30:51 +0000">
<metadata tag="bugReady" timestamp="Sat, 08 Oct 2005 16:01:28 +0000">