Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15.
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
openSUSE 10.3
openSUSE 11.0
SLES SDK 9 for IBM iSeries and IBM pSeries
SLES SDK 9 for IBM S/390 and IBM zSeries
SLES SDK 9 for IBM zSeries
SLES SDK 9 for IPF
SLES SDK 9 for x86
SLES SDK 9 for X86-64
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise SDK 10 SP2
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
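
For vector (1) in the description above, the defensive pattern is to treat the EBML element length as untrusted and check it against both the remaining input and the destination buffer before copying. The following is an added example, not xine-lib code: the function names, the `MAX_ELEM_LEN` cap, and the assumption that the buffer starts at the size field are all illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_ELEM_LEN (1u << 20) /* assumed policy cap, not a xine-lib value */

/* Decode an EBML variable-length size field (1..8 bytes). Returns the number
 * of bytes consumed, or 0 if the field is malformed, truncated or "unknown". */
static size_t ebml_read_size(const uint8_t *p, size_t avail, uint64_t *out)
{
    if (avail == 0 || p[0] == 0)          /* empty input, or width > 8 bytes */
        return 0;
    size_t n = 1;
    uint8_t mask = 0x80;
    while (!(p[0] & mask)) { mask >>= 1; n++; } /* leading zeros give width */
    if (n > avail)
        return 0;
    uint64_t v = p[0] & (uint8_t)(mask - 1);
    for (size_t i = 1; i < n; i++)
        v = (v << 8) | p[i];
    if (v == (UINT64_C(1) << (7 * n)) - 1) /* all ones: reserved unknown size */
        return 0;
    *out = v;
    return n;
}

/* Copy one element payload into dst. buf points at the size field (element ID
 * assumed already consumed). Returns the payload length, or -1 if rejected. */
long ebml_copy_payload(const uint8_t *buf, size_t buf_len,
                       uint8_t *dst, size_t dst_cap)
{
    uint64_t len = 0;
    size_t hdr = ebml_read_size(buf, buf_len, &len);
    if (hdr == 0)
        return -1;
    if (len > MAX_ELEM_LEN || len > buf_len - hdr || len > dst_cap)
        return -1;        /* over cap, past end of input, or too big for dst */
    memcpy(dst, buf + hdr, (size_t)len);
    return (long)len;
}

int main(void)
{
    const uint8_t ok[]  = { 0x83, 'a', 'b', 'c' };  /* constructed: 3-byte payload */
    const uint8_t bad[] = { 0x08, 0xFF, 0xFF, 0xFF, 0xFF, 'A' }; /* constructed: claims ~4 GiB */
    uint8_t dst[16];
    long a = ebml_copy_payload(ok, sizeof ok, dst, sizeof dst);
    long b = ebml_copy_payload(bad, sizeof bad, dst, sizeof dst);
    return (a == 3 && b == -1) ? 0 : 1;
}
```
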