| author | Matthias Hopf <mhopf@suse.de> | 2009-01-04 17:21:46 +0000 | 
|---|---|---|
| committer | Matthias Hopf <mhopf@suse.de> | 2009-01-04 17:21:46 +0000 | 
| commit | 6310414eccaadf292b3b32a4423ebf5c1e3e7255 (patch) | |
| tree | 35c4d984871fc9a14eae92f2951a3d95e569b030 /src/libmpeg2/header.c | |
| parent | 104278cb4cf805fc875ebd49b4a4b8f369b91c7d (diff) | |
| download | xine-lib-6310414eccaadf292b3b32a4423ebf5c1e3e7255.tar.gz xine-lib-6310414eccaadf292b3b32a4423ebf5c1e3e7255.tar.bz2 | |

Fix for CVE-2008-5234.

Multiple heap-based buffer overflows in xine-lib 1.1.12, and other
versions before 1.1.15, allow remote attackers to execute arbitrary
code via vectors related to (1) a crafted metadata atom size processed
by the parse_moov_atom function in demux_qt.c and (2) frame reading in
the id3v23_interp_frame function in id3.c.  NOTE: as of 20081122, it is
possible that vector 1 has not been fixed in 1.1.15.
      case ( FOURCC_TAG('C', 'O', 'M', 'M') ):
        _x_meta_info_set_generic(stream, XINE_META_INFO_COMMENT, buf + 1 + 3, id3_encoding[enc]);
Diffstat (limited to 'src/libmpeg2/header.c')
0 files changed, 0 insertions, 0 deletions
