Language Selection

English French German Italian Portuguese Spanish

Alleged critical holes in Xvid

Filed under
Security

According to reports from several security services, the Xvid 1.1.2 Video Codec Library has a security hole which attackers could use to gain control over a PC. For a successful attack, a victim only needs to open a prepared Xvid-AVI file with an application which makes calls to the library. Both Windows and Linux applications are affected.

The errors are located in the file mbcoding.c in the get_intra_block, get_inter_block_h263 and get_inter_block_mpeg functions. Array indexing errors can lead to an overrun which throws parts of the memory into confusion.

The problem is not restricted to AVI files alone but also affects all container formats such as MP4, Ogg and Matroska.

More Here.




More in Tux Machines

New Kernel Releases

Open-Source Driver Fans Will Love NVIDIA's New OpenGL Demo

Those with a bit of humor will love the demo NVIDIA recently used for showing off their Nouveau-based open-source graphics driver stack on the Tegra K1 SoC. Last month at FOSDEM was a presentation on the Nouveau Tegra K1 driver stack by Alexandre Courbot of NVIDIA. In there NVIDIA talked about their great experience working on this open-source driver and engagement with the Nouveau community, which will continue for future Tegra SoCs. That aforelinked article covered all of the important details of that presentation. Read more

GNOME Builder Makes It Easier for Developers to Create Apps for GNOME 3.16

On March 26, we announced the release of the GNOME 3.16 desktop environment, and we unveiled its awesome features, including updated and new applications. However, we completely missed one app: GNOME Builder, a powerful IDE (Integrated Development Environment) for GNOME. Read more

User-friendly virtual hosting with TurnKey Linux

Suppose you’re a developer and want to experiment with Drupal 7.7 or WordPress. Maybe you're a K-12 teacher or university professor and want to teach your students Moodle administration or how to create some network-attached storage. You could download a tarball from Drupal.com or WordPress.org and configure on your own desktop or laptop, but then you would also need to configure Apache and MySQL too. All of these operations take effort and know-how that you may or may not have time for. Read more