Novell Home

CVE-2009-1274

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

CVE-2009-1274 at MITRE

Details

Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.
Novell Bugzilla entry: 492767

SUSE Security Advisories:

Product(s) Fixed package version(s) References
SLE 11
SLED 11
  • libxine1 >= 1.1.15-23.2.1
 sle11. s390x
sle11. x86-64
sle11. ia64
sle11. ppc
sle11. x86
sle11. x86
sle11. x86-64
SAT Patch Nr: 857
SLE 11
  • libxine1 >= 1.1.15-23.2.1
  • libxine1-32bit >= 1.1.15-23.2.1
 sle11. s390x
sle11. x86-64
sle11. ia64
sle11. ppc
sle11. x86
sle11. x86
sle11. x86-64
SAT Patch Nr: 857
Novell Linux Desktop 9 for x86
  • xine-lib >= 0.99.rc3a-106.51
 sles9-nld. x86-64
sles9-nld. x86
core9. s390
core9. x86-64
core9. ppc
core9. ia64
core9. x86
core9. s390x
YOU Patch Nr: 12414
Novell Linux Desktop 9 for x86_64
  • xine-lib >= 0.99.rc3a-106.51
  • xine-lib-32bit >= 9-200905071455
 sles9-nld. x86-64
sles9-nld. x86
core9. s390
core9. x86-64
core9. ppc
core9. ia64
core9. x86
core9. s390x
YOU Patch Nr: 12414
SLES SDK 9 for IPF
  • xine-devel >= 0.99.rc3a-106.51
  • xine-extra >= 0.99.rc3a-106.51
  • xine-lib >= 0.99.rc3a-106.51
  • xine-lib-x86 >= 9-200905071455
  • xine-ui >= 0.99.rc3a-106.51
 sles9-nld. x86-64
sles9-nld. x86
core9. s390
core9. x86-64
core9. ppc
core9. ia64
core9. x86
core9. s390x
YOU Patch Nr: 12414
SLES SDK 9 for IBM iSeries and IBM pSeries
  • xine-devel >= 0.99.rc3a-106.51
  • xine-extra >= 0.99.rc3a-106.51
  • xine-lib >= 0.99.rc3a-106.51
  • xine-lib-64bit >= 9-200905071446
  • xine-ui >= 0.99.rc3a-106.51
 sles9-nld. x86-64
sles9-nld. x86
core9. s390
core9. x86-64
core9. ppc
core9. ia64
core9. x86
core9. s390x
YOU Patch Nr: 12414
SLES SDK 9 for IBM S/390 and IBM zSeries
SLES SDK 9 for x86
  • xine-devel >= 0.99.rc3a-106.51
  • xine-extra >= 0.99.rc3a-106.51
  • xine-lib >= 0.99.rc3a-106.51
  • xine-ui >= 0.99.rc3a-106.51
 sles9-nld. x86-64
sles9-nld. x86
core9. s390
core9. x86-64
core9. ppc
core9. ia64
core9. x86
core9. s390x
YOU Patch Nr: 12414
SLES SDK 9 for IBM zSeries
  • xine-devel >= 0.99.rc3a-106.51
  • xine-extra >= 0.99.rc3a-106.51
  • xine-lib >= 0.99.rc3a-106.51
  • xine-lib-32bit >= 9-200905071440
  • xine-ui >= 0.99.rc3a-106.51
 sles9-nld. x86-64
sles9-nld. x86
core9. s390
core9. x86-64
core9. ppc
core9. ia64
core9. x86
core9. s390x
YOU Patch Nr: 12414
SLES SDK 9 for X86-64
  • xine-devel >= 0.99.rc3a-106.51
  • xine-extra >= 0.99.rc3a-106.51
  • xine-lib >= 0.99.rc3a-106.51
  • xine-lib-32bit >= 9-200905071455
  • xine-ui >= 0.99.rc3a-106.51
 sles9-nld. x86-64
sles9-nld. x86
core9. s390
core9. x86-64
core9. ppc
core9. ia64
core9. x86
core9. s390x
YOU Patch Nr: 12414
openSUSE 11.1
  • libxine1 >= 1.1.15-23.4.1
  • libxine1-32bit >= 1.1.15-23.4.1
 SAT Patch Nr: 856
openSUSE 10.3
  • xine-devel >= 1.1.8-14.16
  • xine-extra >= 1.1.8-14.16
  • xine-lib >= 1.1.8-14.16
  • xine-lib-32bit >= 1.1.8-14.16
  • xine-lib-64bit >= 1.1.8-14.16
 ZYPP Patch Nr: 6230
SAT Patch Nr: 861
openSUSE 11.0
  • xine-lib-debuginfo >= 1.1.12-8.7
  • xine-lib-debugsource >= 1.1.12-8.7
 ZYPP Patch Nr: 6230
SAT Patch Nr: 861
openSUSE 11.0
  • xine-devel >= 1.1.12-8.7
  • xine-extra >= 1.1.12-8.7
  • xine-lib >= 1.1.12-8.7
  • xine-lib-32bit >= 1.1.12-8.7
  • xine-lib-64bit >= 1.1.12-8.7
 ZYPP Patch Nr: 6230
SAT Patch Nr: 861
SUSE Linux Enterprise Desktop 10 SP2 for x86
  • xine-devel >= 1.1.1-24.48
  • xine-lib >= 1.1.1-24.48
 sles10-sp2-sdk. s390x
sled10-sp2. x86
sles10-sp2-sdk. x86-64
sled10-sp2. x86-64
sles10-sp2-sdk. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. ppc
ZYPP Patch Nr: 6229
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T
  • xine-devel >= 1.1.1-24.48
  • xine-lib >= 1.1.1-24.48
  • xine-lib-32bit >= 1.1.1-24.48
 sles10-sp2-sdk. s390x
sled10-sp2. x86
sles10-sp2-sdk. x86-64
sled10-sp2. x86-64
sles10-sp2-sdk. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. ppc
ZYPP Patch Nr: 6229
SLE SDK 10 SP2 for x86
  • xine-devel >= 1.1.1-24.48
  • xine-extra >= 1.1.1-24.48
  • xine-lib >= 1.1.1-24.48
  • xine-ui >= 0.99.4-32.44
 sles10-sp2-sdk. s390x
sled10-sp2. x86
sles10-sp2-sdk. x86-64
sled10-sp2. x86-64
sles10-sp2-sdk. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. ppc
ZYPP Patch Nr: 6229
SLE SDK 10 SP2 for IPF
  • xine-devel >= 1.1.1-24.48
  • xine-extra >= 1.1.1-24.48
  • xine-lib >= 1.1.1-24.48
  • xine-lib-x86 >= 1.1.1-24.48
  • xine-ui >= 0.99.4-32.44
 sles10-sp2-sdk. s390x
sled10-sp2. x86
sles10-sp2-sdk. x86-64
sled10-sp2. x86-64
sles10-sp2-sdk. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. ppc
ZYPP Patch Nr: 6229
SLE SDK 10 SP2 for IBM iSeries and IBM pSeries
  • xine-devel >= 1.1.1-24.48
  • xine-extra >= 1.1.1-24.48
  • xine-lib >= 1.1.1-24.48
  • xine-lib-64bit >= 1.1.1-24.48
  • xine-ui >= 0.99.4-32.44
 sles10-sp2-sdk. s390x
sled10-sp2. x86
sles10-sp2-sdk. x86-64
sled10-sp2. x86-64
sles10-sp2-sdk. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. ppc
ZYPP Patch Nr: 6229
SLE SDK 10 SP2 for IBM zSeries
SLE SDK 10 SP2 for X86-64
  • xine-devel >= 1.1.1-24.48
  • xine-extra >= 1.1.1-24.48
  • xine-lib >= 1.1.1-24.48
  • xine-lib-32bit >= 1.1.1-24.48
  • xine-ui >= 0.99.4-32.44
 sles10-sp2-sdk. s390x
sled10-sp2. x86
sles10-sp2-sdk. x86-64
sled10-sp2. x86-64
sles10-sp2-sdk. x86
sles10-sp2-sdk. ia64
sles10-sp2-sdk. ppc
ZYPP Patch Nr: 6229

Novell® Making IT Work As One

© 2009 Novell, Inc. All Rights Reserved.