Vulnerabilities > CVE-2006-1664 - Buffer Overflow vulnerability in Xine-Lib Malformed MPEG Stream
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Exploit-Db
| description | Libxine <= 1.14 MPEG Stream Buffer Overflow Vulnerability PoC. CVE-2006-1664,CVE-2008-1110. Dos exploit for linux platform |
| file | exploits/linux/dos/1641.pl |
| id | EDB-ID:1641 |
| last seen | 2016-01-31 |
| modified | 2006-04-04 |
| platform | linux |
| port | |
| published | 2006-04-04 |
| reporter | Federico L. Bossi Bonin |
| source | https://www.exploit-db.com/download/1641/ |
| title | Libxine <= 1.14 MPEG Stream Buffer Overflow Vulnerability PoC |
| type | dos |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2008-1047.NASL description Maintenance/security fix release 1.1.10. http://sourceforge.net/project/shownotes.php?group_id=9655&release_id= 571608 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 30115 published 2008-01-29 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30115 title Fedora 7 : xine-lib-1.1.10-1.fc7 (2008-1047) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200604-16.NASL description The remote host is affected by the vulnerability described in GLSA-200604-16 (xine-lib: Buffer overflow vulnerability) Federico L. Bossi Bonin discovered that when handling MPEG streams xine-lib fails to make a proper boundary check of the input data supplied by the user before copying it to an insufficiently sized memory buffer. Impact : A remote attacker could entice a user to play a specially crafted MPEG file, resulting in the execution of arbitrary code with the permissions of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 21298 published 2006-04-28 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21298 title GLSA-200604-16 : xine-lib: Buffer overflow vulnerability NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6ECD0B42CE7711DC89B1000E35248AD7.NASL description xine project reports : A new xine-lib version is now available. This release contains a security fix (remotely-exploitable buffer overflow, CVE-2006-1664). (This is not the first time that that bug has been fixed...) It also fixes a few more recent bugs, such as the audio output problems in 1.1.9. last seen 2020-06-01 modified 2020-06-02 plugin id 30127 published 2008-01-30 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30127 title FreeBSD : libxine -- buffer overflow vulnerability (6ecd0b42-ce77-11dc-89b1-000e35248ad7) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200802-12.NASL description The remote host is affected by the vulnerability described in GLSA-200802-12 (xine-lib: User-assisted execution of arbitrary code) Damian Frizza and Alfredo Ortega (Core Security Technologies) discovered a stack-based buffer overflow within the open_flac_file() function in the file demux_flac.c when parsing tags within a FLAC file (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is similar to CVE-2006-1664, has also been discovered (CVE-2008-1110). Impact : A remote attacker could entice a user to play specially crafted FLAC or ASF video streams with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 31295 published 2008-02-27 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31295 title GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code NASL family Fedora Local Security Checks NASL id FEDORA_2008-1043.NASL description Maintenance/security fix release 1.1.10. http://sourceforge.net/project/shownotes.php?group_id=9655&release_id= 571608 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 30114 published 2008-01-29 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30114 title Fedora 8 : xine-lib-1.1.10-1.fc8 (2008-1043)
References
- http://bugs.gentoo.org/show_bug.cgi?id=128838
- http://secunia.com/advisories/19853
- http://secunia.com/advisories/19856
- http://secunia.com/advisories/28666
- http://securitytracker.com/id?1015868
- http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608
- http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml
- http://www.securityfocus.com/bid/17370
- http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25670
- https://www.exploit-db.com/exploits/1641
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html