xine-lib: integer overflow
| Package(s): | xine-lib |
CVE #(s): | CVE-2009-1274
|
| Created: | April 9, 2009 |
Updated: | June 1, 2010 |
| Description: |
From the National Vulnerability Database entry:
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow. |
| Alerts: |
| Gentoo |
201006-04 |
xine-lib |
2010-06-01 |
| Mandriva |
MDVSA-2009:319 |
xine-lib |
2009-12-05 |
| Mandriva |
MDVSA-2009:298 |
xine-lib |
2009-11-13 |
| SuSE |
SUSE-SR:2009:011 |
java, realplayer, acroread, apache2-mod_security2, cyrus-sasl, wireshark, ganglia-monitor-core, ghostscript-devel, libwmf, libxine1, net-snmp, ntp, openssl |
2009-06-09 |
| Mandriva |
MDVSA-2009:299 |
xine-lib |
2009-11-13 |
| Ubuntu |
USN-763-1 |
xine-lib |
2009-04-20 |
| Fedora |
FEDORA-2009-3433 |
xine-lib |
2009-04-09 |
| Fedora |
FEDORA-2009-3428 |
xine-lib |
2009-04-09 |
|