oss-sec mailing list archives
Re: xine-lib and ocert-2008-008
From: Nico Golde <oss-security+ml () ngolde de>
Date: Wed, 3 Dec 2008 20:03:07 +0100
Hi, * Steven M. Christey <coley () linus mitre org> [2008-11-26 09:27]: [...]
====================================================== Name: CVE-2008-5248 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5248 Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=619869 xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=60ab5d2bdd82 This is the corresponding upstream patch. 139 i = len - 1; 140 141 while ((i >= 0) && ((unsigned char)str[i] <= 32)) { 142 str[i] = 0; 143 i--; 144 } If len is size_t this is the problematic code if i len is 0 this will result in a 0 bytes written all over the memory because of integer promotion. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- xine-lib and ocert-2008-008 Thomas Viehmann (Nov 22)
- Re: xine-lib and ocert-2008-008 Matthias Hopf (Nov 24)
- Re: Bug#498243: xine-lib and ocert-2008-008 Darren Salt (Nov 26)
- Re: xine-lib and ocert-2008-008 Steven M. Christey (Nov 25)
- Re: xine-lib and ocert-2008-008 Andrea Barisani (Nov 26)
- Re: xine-lib and ocert-2008-008 Nico Golde (Nov 28)
- Re: xine-lib and ocert-2008-008 Nico Golde (Nov 28)
- Re: xine-lib and ocert-2008-008 Nico Golde (Dec 03)
- Re: xine-lib and ocert-2008-008 Nico Golde (Dec 03)
- Re: xine-lib and ocert-2008-008 Nico Golde (Dec 03)
- Re: xine-lib and ocert-2008-008 Matthias Hopf (Nov 24)