CVE-2009-1274

Publication date 8 April 2009

Last updated 24 July 2024


Ubuntu priority

Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a QuickTime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.

Status

Package     Ubuntu Release     Status
xine-lib    8.10 intrepid      Fixed 1.1.15-0ubuntu3.3
            8.04 LTS hardy     Fixed 1.1.11.1-1ubuntu3.4
            7.10 gutsy         Ignored end of life, was needs-triage
            6.06 LTS dapper    Fixed 1.1.1+ubuntu2-7.12

Notes


mdeslaur

when fixing this, need to also fix a missing part of CVE-2009-0698 http://hg.debian.org/hg/xine-lib/xine-lib/rev/7799748cc0f2

Patch details

For informational purposes only. We recommend not to cherry-pick updates.

Package Patch details
xine-lib

References

Related Ubuntu Security Notices (USN)

    • USN-763-1: xine-lib vulnerabilities (20 April 2009)

Other references