Date: Wed, 8 Apr 2009 13:59:58 -0400 (EDT)
From: "Steven M. Christey" <>
To: oss-security <>
Subject: Re: CVE Request (xine-lib)

Name: CVE-2009-1274
Status: Candidate
Reference: BUGTRAQ:20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow
Reference: URL:
Reference: MISC:
Reference: CONFIRM:
Reference: CONFIRM:
Reference: OSVDB:53288
Reference: URL:
Reference: SECTRACK:1021989
Reference: URL:
Reference: SECUNIA:34593
Reference: URL:
Reference: VUPEN:ADV-2009-0937
Reference: URL:
Reference: XF:xinelib-demuxqt-bo(49714)
Reference: URL:

Integer overflow in the qt_error parse_trak_atom function in
demuxers/demux_qt.c in xine-lib and earlier allows remote
attackers to execute arbitrary code via a Quicktime movie file with a
large count value in an STTS atom, which triggers a heap-based buffer
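
The bug class this entry describes, as an added example that is not xine-lib's code and not part of the original message: a 32-bit `count * entry size` wraps for a large STTS entry count, so the allocation is smaller than the table the loop then fills. The names `stts_alloc_size_32` and `stts_parse_checked` are hypothetical, the input is assumed to start just past the atom's size/type header, and the entry layout follows the QuickTime time-to-sample atom.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* One time-to-sample table entry (QuickTime stts layout: two 32-bit fields). */
typedef struct { uint32_t sample_count; uint32_t sample_duration; } stts_entry;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The size a 32-bit "count * sizeof(entry)" yields; it wraps for large counts. */
uint32_t stts_alloc_size_32(uint32_t count) {
    return count * (uint32_t)sizeof(stts_entry);
}

/*
 * Hypothetical hardened parser. body points just past the atom's size/type
 * header: 4 bytes version+flags, 4 bytes entry count, then count * 8 bytes.
 * Returns 0 and a heap-allocated table on success, -1 on malformed input.
 */
int stts_parse_checked(const uint8_t *body, size_t len,
                       stts_entry **out, uint32_t *out_count) {
    if (body == NULL || out == NULL || out_count == NULL || len < 8)
        return -1;
    uint32_t count = be32(body + 4);
    /* The table must fit in the bytes actually present; this bound also
       keeps count * sizeof(stts_entry) no larger than len. */
    if (count > (len - 8) / 8)
        return -1;
    /* calloc checks the multiplication itself; allocate 1 slot if count is 0. */
    stts_entry *tab = calloc(count ? count : 1, sizeof *tab);
    if (tab == NULL)
        return -1;
    for (uint32_t i = 0; i < count; i++) {
        tab[i].sample_count = be32(body + 8 + (size_t)i * 8);
        tab[i].sample_duration = be32(body + 8 + (size_t)i * 8 + 4);
    }
    *out = tab;
    *out_count = count;
    return 0;
}
```

The caller owns the returned table and frees it; a count that exceeds the bytes present in the atom is rejected before any allocation.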
