MDVSA-2008:046-1 -- Mandriva xine-libID: oval:org.secpod.oval:def:301375 | Date: (C)2012-01-07 (M)2023-11-09 |
Class: PATCH | Family: unix |
An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity. The updated packages have been patched to prevent this issue. Update: The previous update used a bad patch which made Amarok interface very unresponsive while playing FLAC files. This new update fixes the security issue with a better patch.
Platform: |
Mandriva Linux 2007.1 |
Mandriva Linux 2008.0 |