Upstream information
Description
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Novell/SUSE information
Novell Bugzilla entry: 473825 SUSE Security Advisories:- SUSE-SR:2009:009, published Tue, 21 Apr 2009 15:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 10 SP2 for x86 |
| sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86 sle10-sp2-sdk.s390x sle10-sp2-sdk.ia64 sled10-sp2.x86 ZYPP Patch Nr: 6050 |
| SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T |
| sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86 sle10-sp2-sdk.s390x sle10-sp2-sdk.ia64 sled10-sp2.x86 ZYPP Patch Nr: 6050 |
| openSUSE 10.3 |
|
