Ubuntu Security Notice 635-1 - Many xine-lib arbitrary code execution vulnerabilities have been addressed in Ubuntu.
99d390c6edf6c39134bcdba1921abab340fd7b8da4de5350fcc4a3b2f854f9bf
Debian Security Advisory 1536-1 - Several local vulnerabilities have been discovered in Xine, a media player library, which allow for a denial of service or arbitrary code execution and could be exploited through viewing malicious content.
fab16d0e5e9613a38e131a5540e6b1deca18ee6d6d803c2faf22cc0f1e8ea324
Gentoo Linux Security Advisory GLSA 200803-16 - Multiple vulnerabilities have been discovered in MPlayer, possibly allowing for the remote execution of arbitrary code. Versions less than 1.0_rc2_p25993 are affected.
e5cf9ec774434f48b6875500151b5b3caf3a88165b2a32cf5e2996a048e7bac5
Gentoo Linux Security Advisory GLSA 200802-12 - Damian Frizza and Alfredo Ortega (Core Security Technologies) discovered a stack-based buffer overflow within the open_flac_file() function in the file demux_flac.c when parsing tags within a FLAC file (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is similar to CVE-2006-1664, has also been discovered. Versions less than 1.1.10.1 are affected.
0cacd54cfae9fb2047f86db8000a63689e32a991f03a64e0f671e6df2ba0a24d
Mandriva Linux Security Advisory - An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity. The previous update used a bad patch which made the Amarok interface very unresponsive while playing FLAC files. This new update fixes the security issue with a better patch.
9bc0709c3e2253a5ac2e2ccc843d6ce054400307d2d10e372a45a5d2dd099f59
Mandriva Linux Security Advisory - An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity.
b63cc33787bed0b574331ef0a3ae065d90e67751a651282455db517ccfae2590
Mandriva Linux Security Advisory - Multiple heap-based buffer overflow vulnerabilities along with various array index flaws allow for arbitrary code execution in mplayer.
f1bcf0cf473fccd78e6b2308c1d9435a3aa262e40d0aead2dc19974921211ce7
Debian Security Advisory 1496-1 - Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files. Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing. Adam Bozanich discovered a buffer overflow in the CDDB access code. Adam Bozanich discovered a buffer overflow in URL parsing.
c361d51d6f24230ed4e54481cadc697f2445ea513792e3be9d71f8ed668a8eb2
Core Security Technologies Advisory - The MPlayer package is vulnerable to a buffer overflow attack, which can be exploited by malicious remote attackers. The vulnerability is due to MPlayer not properly sanitizing certain tags on a FLAC file before using them to index an array on the stack. This can be exploited to execute arbitrary commands by opening a specially crafted file.
4f26f825d9d87a14dfee920c490ae23831e4808a1935ecb75aa6972cd2fc2274