xine-lib NES Sound Format Demuxer Buffer Overflow

laurent . gaffie Wed, 23 Apr 2008 13:44:02 -0700

Hi there


Original advisory:

http://milw0rm.com/exploits/5458



There's another stack-based buffer overflow in demux_nfs.c


line 111:

this->copyright = strdup(&header[0x4E]);

line 189:

char copyright[100];

line 208:

sprintf(copyright, "(C) %s", this->copyright);


Regards Laurent Gaffié

xine-lib NES Sound Format Demuxer Buffer Overflow

Reply via email to