Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200607-07
HistoryJul 20, 2006 - 12:00 a.m.

xine-lib: Buffer overflow

2006-07-2000:00:00
Gentoo Foundation
security.gentoo.org
12

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.044

Percentile

92.4%

JSON

Background

xine-lib is the core library of xine, a multimedia player.

Description

There is a stack based overflow in the libmms library included with xine-lib which can be triggered by malicious use of the send_command, string_utf16, get_data and get_media_packet functions.

Impact

A remote attacker could design a malicious media file that would trigger the overflow, potentially resulting in the execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All xine-lib users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.2-r2"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/xine-lib< 1.1.2-r2UNKNOWN

Related

nessus 8
openvas 9
prion 1
nvd 1
slackware 1
debiancve 1
ubuntu 1
freebsd 2
cvelist 1
ubuntucve 1
cve 1
securityvulns 1
nessus
nessus
Ubuntu 5.10 : libmms vulnerability (USN-309-1)
2007-11-10 00:00:00
Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:121)
2006-07-13 00:00:00
Ubuntu 5.04 / 5.10 / 6.06 LTS : libmms, xine-lib vulnerabilities (USN-315-1)
2007-11-10 00:00:00
openvas
openvas
Slackware Advisory SSA:2006-357-05 xine-lib
2012-09-11 00:00:00
FreeBSD Ports: libmms
2008-09-04 00:00:00
FreeBSD Ports: libmms
2008-09-04 00:00:00
prion
prion
Stack overflow
2006-06-28 01:45:00
nvd
nvd
CVE-2006-2200
2006-06-28 01:45:00
slackware
slackware
[slackware-security] xine-lib
2006-12-24 02:29:57
debiancve
debiancve
CVE-2006-2200
2006-06-28 01:45:00
ubuntu
ubuntu
libmms vulnerability
2006-07-06 00:00:00
freebsd
freebsd
libmms -- stack-based buffer overflow
2006-05-04 00:00:00
libxine -- multiple buffer overflow vulnerabilities
2006-05-04 00:00:00
cvelist
cvelist
CVE-2006-2200
2006-06-27 19:00:00
ubuntucve
ubuntucve
CVE-2006-2200
2006-06-27 00:00:00
cve
cve
CVE-2006-2200
2006-06-28 01:45:00
securityvulns
securityvulns
[Full-disclosure] [USN-309-1] libmms vulnerability
2006-07-06 00:00:00

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.044

Percentile

92.4%

JSON
Related for GLSA-200607-07
nessus8openvas9prion1nvd1slackware1debiancve1ubuntu1freebsd2cvelist1ubuntucve1cve1securityvulns1