CVE-2008-1161

Publication date 10 March 2008

Last updated 24 July 2024

Ubuntu priority

Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xine-lib	8.04 LTS hardy	Not affected
	7.10 gutsy	Fixed 1.1.7-1ubuntu1.3
	7.04 feisty	Fixed 1.1.4-2ubuntu3.1
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 1.1.1+ubuntu2-7.9

Notes

jdstrand

note that 1.1.11.1-1ubuntu3 fixed a Matroska regression-- may need both hg.debian.org commits regression not introduced as part of the security patch

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
xine-lib	Vendor: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a62d6f482a69;style=gitweb Vendor: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=ff20b8db74ea;style=raw Vendor: http://www.debian.org/security/2008/dsa-1536

CVE-2008-1161

Status

Notes

jdstrand

Patch details

References

Related Ubuntu Security Notices (USN)

Other references