CVE-2008-1964

Name	CVE-2008-1964
Description	Stack-based buffer overflow in the demux_nsf_send_headers function in src/demuxers/demux_nsf.c in xine-lib allows remote attackers to have an unknown impact via a long copyright field in an NSF header in an NES Sound file, a different issue than CVE-2008-1878. NOTE: a third party claims that the copyright field always has a safe length
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
xine-lib	source	(unstable)	(not affected)

Notes

- xine-lib <not-affected> (nsf support disabled by maintainer)
xine-lib (1.1.12) uses strndup to allocate the needed memory and limits it to 32 bytes
while copyright is 100 bytes long (+ padding for chunks)