Language Selection

English French German Italian Portuguese Spanish

Alleged critical holes in Xvid

Filed under
Security

According to reports from several security services, the Xvid 1.1.2 Video Codec Library has a security hole which attackers could use to gain control over a PC. For a successful attack, a victim only needs to open a prepared Xvid-AVI file with an application which makes calls to the library. Both Windows and Linux applications are affected.

The errors are located in the file mbcoding.c in the get_intra_block, get_inter_block_h263 and get_inter_block_mpeg functions. Array indexing errors can lead to an overrun which throws parts of the memory into confusion.

The problem is not restricted to AVI files alone but also affects all container formats such as MP4, Ogg and Matroska.

More Here.




More in Tux Machines

Today in Techrights

Linux and Graphics

today's howtos

Ubuntu 16.04.2 LTS Delayed Until February 2, Will Bring Linux 4.8, Newer Mesa

If you've been waiting to upgrade your Ubuntu 16.04 LTS (Xenial Xerus) operating system to the 16.04.2 point release, which should have hit the streets a couple of days ago, you'll have to wait until February 2. We hate to give you guys bad news, but Canonical's engineers are still working hard these days to port all the goodies from the Ubuntu 16.10 (Yakkety Yak) repositories to Ubuntu 16.04 LTS, which is a long-term supported version, until 2019. These include the Linux 4.8 kernel packages and an updated graphics stack based on a newer X.Org Server version and Mesa 3D Graphics Library. Read more