Vigil@nce: xine-lib, integer overflow via Quicktime STTS
April 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious Quicktime video in order to
execute code on computers of xine-lib users.
Severity: 2/4
Consequences: user access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 06/04/2009
IMPACTED PRODUCTS
– Fedora
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The xine-lib library implements several video formats.
The parse_trak_atom() function of the demuxers/demux_qt.c file
does not validate an integer coming from a Quicktime document. An
integer overflow then occurs and leads to a memory corruption.
An attacker can therefore create a malicious file to execute code
or cause a denial of service on the computers of victims who agree
to open it with a program linked to xine-lib.
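
The bulletin does not reproduce the affected code. The added example below (not xine-lib's code, and not taken from this bulletin) shows the general bug class for a time-to-sample (stts) table: a 32-bit size computation that wraps, beside a parser that validates the entry count against the bytes actually present. All names are hypothetical, and the layout assumed is version/flags, a 32-bit big-endian entry count, then 8-byte entries.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical names throughout; this is not xine-lib code. */
#define STTS_HDR 8u    /* version/flags (4 bytes) + entry count (4 bytes) */
#define STTS_ENTRY 8u  /* sample count (4 bytes) + sample duration (4 bytes) */

typedef struct { uint32_t count; uint32_t duration; } stts_entry;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Bug class: byte size from a 32-bit multiply on an unvalidated count.
 * A huge count wraps to a tiny size, so the buffer is too small for the table. */
uint32_t wrapped_alloc_size(uint32_t n) {
    return n * (uint32_t)sizeof(stts_entry);
}

/* Hardened form: body is the stts payload after the atom header.
 * Returns 0 on success, -1 when the table is rejected. */
int parse_stts_checked(const uint8_t *body, size_t len,
                       stts_entry **out, uint32_t *out_n) {
    *out = NULL; *out_n = 0;
    if (len < STTS_HDR) return -1;
    uint32_t n = be32(body + 4);
    /* Division cannot overflow, and it ties the count to bytes really present. */
    if (n > (len - STTS_HDR) / STTS_ENTRY) return -1;
    if (n == 0) return 0;
    stts_entry *t = calloc(n, sizeof *t); /* calloc checks n * size itself */
    if (t == NULL) return -1;
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = body + STTS_HDR + (size_t)i * STTS_ENTRY;
        t[i].count = be32(e);
        t[i].duration = be32(e + 4);
    }
    *out = t; *out_n = n;
    return 0;
}

int main(void) {
    /* Constructed sample: count field 0x20000001, but only one entry present. */
    static const uint8_t bad[] = {0,0,0,0, 0x20,0,0,1, 0,0,0,5, 0,0,0,100};
    stts_entry *t; uint32_t n;
    return parse_stts_checked(bad, sizeof bad, &t, &n) == -1 ? 0 : 1;
}
```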
CHARACTERISTICS
Identifiers: BID-34384, CVE-2009-1274, FEDORA-2009-3428,
FEDORA-2009-3433, TKADV2009-005, VIGILANCE-VUL-8603
http://vigilance.fr/vulnerability/xine-lib-integer-overflow-via-Quicktime-STTS-8603