[XviD-devel] Security Bug in Xvid-core
Dirk Knop
dknop at stud.uni-goettingen.de
Wed Jun 27 12:09:15 CEST 2007
Hello everyone,
I just found a security advisory by Secunia:
"Trixter Jack has reported a vulnerability in the Xvid library, which
can be exploited by malicious people to compromise an application using
the library.
The vulnerability is caused due to an array indexing error in the
"get_intra_block()" function within src/bitstream/mbcoding.c while
processing Xvid Avi files. This can be exploited to corrupt memory via a
specially crafted file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability reportedly also affects the "get_inter_block_h263()"
and "get_inter_block_mpeg()" functions.
The vulnerability is reported in version 1.1.2"
http://secunia.com/advisories/25711/
I didn't do a cvs checkout for a long time, but is there a fix available
already? Should we roll out a new version asap?
Best regards
Dirk
More information about the XviD-devel
mailing list