Jump to content

Advisories (MDKSA-2006:108 ): xine-lib


Recommended Posts

Mandriva Advisories MDKSA-2006:108 : xine-lib


Updated xine-lib packages fix buffer overflow vulnerabilities

June 20th, 2006


A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib


1.1.1 allows remote attackers to cause a denial of service (application


crash) via a long reply from an HTTP server, as demonstrated using gxine


0.5.6. (CVE-2006-2802)




In addition, a possible buffer overflow exists in the AVI demuxer,


similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3 release


of xine-lib does not have this issue.




The updated packages have been patched to correct these issues.



The released versions of Mandriva GNU/Linux affected are:

  • CS3.0
  • 10.2
  • 2006.0

Full information about this advisory, including the updated packages, is available at:



Other references:



Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)

Link to comment
Share on other sites


  • Create New...