J-Security Center

Title: xine-lib NES Sound Format Demuxer 'copyright' Buffer Overflow Vulnerability

Severity: HIGH

Description:

The 'xine-lib' library lets media players play a variety of media formats. The library is a plugin for RealMedia. It is available for UNIX, Linux, Mac OS X, and other UNIX-like operating systems.

The library is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data when processing it with the NES Sound Format demuxer. This vulnerability resides in the 'demuxers/demux_nsf.c' file. Specifically, the application fails to check the length of user-supplied data before copying it to the 'copyright' variable.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects xine-lib 1.1.12 and prior versions.

UPDATE (April 24, 2008): Guido Landi states that this is not a vulnerability because the buffer cannot be overrun. Symantec has not confirmed this.
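
The kind of length check the description says is missing, as an added example; this is not xine-lib's code. It assumes the public NSF header layout (a 128-byte header with a 32-byte copyright field at offset 0x4E), which is not stated on this page; the function names and the "(C) " label are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NSF_HEADER_SIZE   0x80  /* assumed: fixed-size NSF file header */
#define NSF_COPYRIGHT_OFF 0x4E  /* assumed: offset of the copyright field */
#define NSF_FIELD_LEN     0x20  /* assumed: field width; may lack a NUL */

/* Copy a fixed-width header field that may not be NUL-terminated.
 * Returns the field length, or -1 if the input or dst is too small. */
static int nsf_copy_field(char *dst, size_t dst_size,
                          const unsigned char *hdr, size_t hdr_len, size_t off)
{
    size_t n = 0;
    if (dst_size == 0) return -1;
    dst[0] = '\0';
    if (hdr_len < NSF_HEADER_SIZE || off + NSF_FIELD_LEN > NSF_HEADER_SIZE)
        return -1;                       /* short read or field outside header */
    while (n < NSF_FIELD_LEN && hdr[off + n] != '\0') n++;  /* bounded strlen */
    if (n >= dst_size) return -1;        /* no room for the text plus NUL */
    memcpy(dst, hdr + off, n);
    dst[n] = '\0';
    return (int)n;
}

/* Build "(C) <copyright>" in out. Returns 0, or -1 on bad input or truncation. */
static int nsf_copyright_label(char *out, size_t out_size,
                               const unsigned char *hdr, size_t hdr_len)
{
    char field[NSF_FIELD_LEN + 1];
    int w;
    if (nsf_copy_field(field, sizeof field, hdr, hdr_len, NSF_COPYRIGHT_OFF) < 0)
        return -1;
    w = snprintf(out, out_size, "(C) %s", field);   /* never writes past out */
    return (w < 0 || (size_t)w >= out_size) ? -1 : 0;
}

int main(void)
{
    unsigned char hdr[NSF_HEADER_SIZE] = "NESM\x1a";      /* constructed sample header */
    char label[64];
    memset(hdr + NSF_COPYRIGHT_OFF, 'A', NSF_FIELD_LEN);  /* worst case: 32 bytes, no NUL */
    if (nsf_copyright_label(label, sizeof label, hdr, sizeof hdr) == 0)
        puts(label);
    return 0;
}
```

Whether a fixed destination can be overrun depends on the largest value the field can take plus any prefix added to it, compared against the destination size.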

Affected Products:

  • xine xine-lib 1.1.0
  • xine xine-lib 1.1.1
  • xine xine-lib 1.1.10
  • xine xine-lib 1.1.10.1
  • xine xine-lib 1.1.11
  • xine xine-lib 1.1.11.1
  • xine xine-lib 1.1.12
  • xine xine-lib 1.1.2
  • xine xine-lib 1.1.3
  • xine xine-lib 1.1.4
  • xine xine-lib 1.1.9
  • xine xine-lib 1.1.9.1

References: