CVE-2008-1964

NameCVE-2008-1964
DescriptionStack-based buffer overflow in the demux_nsf_send_headers function in src/demuxers/demux_nsf.c in xine-lib allows remote attackers to have an unknown impact via a long copyright field in an NSF header in an NES Sound file, a different issue than CVE-2008-1878. NOTE: a third party claims that the copyright field always has a safe length
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xine-libsource(unstable)(not affected)

Notes

- xine-lib <not-affected> (nsf support disabled by maintainer)
xine-lib (1.1.12) uses strndup to allocate the needed memory and limits it to 32 bytes
while copyright is 100 bytes long (+ padding for chunks)

Search for package or bug name: Reporting problems