VLC Format String Vulnerability also in XINE

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: VLC Format String Vulnerability also in XINE
From: Sven.Czaja@xxxxxx
Date: 10 Jan 2007 15:15:47 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi,

I have read about 
Bugtraq ID: 21852
I tried the demo-exploit from 
http://www.securityfocus.com/data/vulnerabilities/exploits/VLCMediaSlayer-x86.pl
Then I tried to play the file in xine and got ...

This is xine (X11 gui) - a free video player v0.99.4.
(c) 2000-2004 The xine Team.
xiTK received SIGSEGV signal, RIP.
Aborted

My system is an up-to-date SUSE LINUX 10.1 (i586)
I think xine has also this vulnerability.

Regards Sven

Prev by Date: Re: [Full-disclosure] 0trace - traceroute on established connections
Next by Date: [ GLSA 200701-04 ] SeaMonkey: Multiple vulnerabilities
Previous by thread: Re: [_SUSPEKT] - Re: [Full-disclosure] iDefense Q-1 2007 Challenge - Bayesian Filter detected spam
Next by thread: [ GLSA 200701-04 ] SeaMonkey: Multiple vulnerabilities
Index(es):
- Date
- Thread