Packet Storm

Mandriva Linux Security Advisory 2009-299: Posted Nov 17, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-299 - Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow. Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385. This update fixes these issues.; tags | advisory, remote, denial of service, overflow, arbitrary; systems | linux, mandriva; advisories | CVE-2009-1274, CVE-2009-0698; SHA-256 | 281d6a15f383eabd030d4a0d230719306faf859d62b9cd042d5e97ddc38ec6a2; Download | Favorite | View

Related Files

No related files