Pardus: Xvid: Multiple Vulnerabilities
Posted by Benjamin D. Thomas   
Some vulnerabilities have been reported in Xvid, which can be exploited by malicious people to potentially compromise an application using the library.

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-86            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-06-13
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported in Xvid, which can be exploited
by malicious people to potentially compromise an application using the
library.


Description
===========

The vulnerabilities are caused by boundary errors within the
"decoder_iframe()", "decoder_pframe()", and "decoder_bframe()" functions
in src/decoder.c. These can be exploited to potentially corrupt memory
via specially crafted video files.

Successful exploitation may allow execution of arbitrary code.



Affected packages:

  Pardus 2008:
    xvid, all before 1.1.3-8-2


Resolution
==========

There are update(s) for xvid. You can install them via Package Manager or
with a single command from the console:

    pisi up xvid

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=9913
  * http://www.xvid.org/News.64.0.html?&a...[backPid]=64&tx_ttnews[tt_news]=7
  * http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81
  * http://secunia.com/advisories/35274