Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
maintainers - please advise
xine-lib-22.214.171.124 in the tree should fix this:
* Security fixes:
- Array index vulnerability which may allow remote attackers to execute
arbitrary code via a crafted FLAC tag, causing a stack buffer overflow.
* Fix a RealPlayer codec detection bug.
* Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag
Is 126.96.36.199 ready for stable marking?
(In reply to comment #3)
> Is 188.8.131.52 ready for stable marking?
should be, its 1.1.10 plus the three bugfixes I cited
Arches please test and mark stable. Target keywords are:
xine-lib-184.108.40.206.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
ppc64 stable; thanks
Stable for HPPA.
alpha/ia64 stable, thanks Tobias
Fixed in release snapshot.
GLSA 200802-12, thanks everyone.
Please note that this update also fixed CVE-2008-1161.