------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-86            security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-06-13
Severity: 4
Type: Remote
------------------------------------------------------------------------
Summary
=======
Some vulnerabilities have been reported in Xvid, which can be exploited
by malicious people to potentially compromise an application using the
library.

Description
===========
The vulnerabilities are caused by boundary errors within the
"decoder_iframe()", "decoder_pframe()", and "decoder_bframe()" functions
in src/decoder.c. These can be exploited to potentially corrupt memory
via specially crafted video files.

Successful exploitation may allow execution of arbitrary code.

Affected packages:

  Pardus 2008:
    xvid, all before 1.1.3-8-2

Resolution
==========
There are update(s) for xvid. You can update them via Package Manager or
with a single command from the console:

    pisi up xvid

References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=9913
* http://www.xvid.org/News.64.0.html?&a...[backPid]=64&tx_ttnews[tt_news]=7
* http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81
* http://secunia.com/advisories/35274