FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxine -- buffer overflow vulnerability

Affected packages
libxine < 1.1.1_6

Details

VuXML ID 107e2ee5-f941-11da-b1fa-020039488e34
Discovery 2006-05-31
Entry 2006-06-11

A Secunia Advisory reports:

Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system.

The weakness is cause due to a heap corruption within the "xineplug_inp_http.so" plugin when handling an overly large reply from the HTTP server. This can be exploited to crash an application that uses the plugin (e.g. gxine).

References

Bugtraq ID 18187
CVE Name CVE-2006-2802
URL http://secunia.com/advisories/20369