Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200408-18] xine-lib: VCD MRL buffer overflow Vulnerability Scan

Vulnerability Scan Summary
xine-lib: VCD MRL buffer overflow

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200408-18
(xine-lib: VCD MRL buffer overflow)

xine-lib contains a bug where it is possible to overflow the vcd:// input
source identifier management buffer through carefully crafted playlists.


An attacker may construct a carefully crafted playlist file which will
cause xine-lib to execute arbitrary code with the permissions of the user.
In order to conform with the generic naming standards of most Unix-like
systems, playlists can have extensions other than .asx (the standard xine
playlist format), and can be made to look like another file (MP3, AVI, or
MPEG for example). If an attacker crafts a playlist with a valid header, they
can insert a VCD playlist line that can cause a buffer overflow and possible
shellcode execution.
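
Because the extension cannot be trusted, a defender can triage media directories by content instead. The following is an added example, not part of the advisory or of xine-lib: the extension set, the 256-byte length threshold (the advisory does not state the real buffer size) and the sample inputs are assumptions made for illustration.

```python
import os
import re

# Assumption: extensions a disguised playlist might carry (the page names MP3, AVI, MPEG).
MEDIA_EXTS = {".mp3", ".avi", ".mpg", ".mpeg"}
# Assumption: triage threshold only; the page does not state the real buffer size.
MAX_MRL_LEN = 256
# A vcd:// MRL runs until whitespace, a quote or an angle bracket.
VCD_MRL = re.compile(rb"vcd://[^\s\"'<>]*", re.IGNORECASE)


def triage(name, data):
    """Return a list of findings for one file's name and raw bytes."""
    mrls = [m.group(0) for m in VCD_MRL.finditer(data)]
    if not mrls:
        return []
    findings = []
    # Playlist content behind a media extension matches the disguise described above.
    if os.path.splitext(name)[1].lower() in MEDIA_EXTS:
        findings.append("vcd-mrl-in-media-extension")
    longest = max(len(m) for m in mrls)
    if longest > MAX_MRL_LEN:
        findings.append("long-vcd-mrl:%d" % longest)
    return findings


def triage_tree(root):
    """Walk a directory and map each flagged path to its findings."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # first 1 MiB is enough for a playlist
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            hits = triage(fn, data)
            if hits:
                flagged[path] = hits
    return flagged


# Constructed samples (not taken from any real file).
BENIGN = b'<asx version="3.0"><entry><ref href="vcd://1"/></entry></asx>\n'
SUSPECT = b'<asx version="3.0"><entry><ref href="vcd://' + b"A" * 600 + b'"/></entry></asx>\n'

if __name__ == "__main__":
    print(triage("list.asx", BENIGN))
    print(triage("song.mp3", SUSPECT))
```

A finding is a reason to inspect the file, not proof of an exploit attempt; upgrading xine-lib remains the fix.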


There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of xine-lib.


All xine-lib users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=media-libs/xine-lib-1_rc5-r3"
# emerge ">=media-libs/xine-lib-1_rc5-r3"

Threat Level: Medium


