Vigil@nce: xine-lib, memory corruption via ASF
December 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to display a malicious ASF
document with an application linked to xine-lib, in order to
create a denial of service, and possibly to execute code on his
computer.
– Severity: 2/4
– Creation date: 25/11/2010
DESCRIPTION OF THE VULNERABILITY
The xine-lib library processes multimedia contents. It is used by
several software.
The asf_header_parse_stream_properties() function of the
asfheader.c file analyzes fields of the header of an ASF
multimedia file. When the data size is invalid, this function
prematurely exits, and frees a memory area. However, the address
of this memory area is not initialized, which corrupts the memory.
An attacker can therefore invite the victim to display a malicious
ASF document with an application linked to xine-lib, in order to
create a denial of service, and possibly to execute code on his
computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/xine-lib-memory-corruption-via-ASF-10154