Short bio: Computer Scientist, FOSS supporter (read more)
Tux Machines (TM)-specific
According to reports from several security services, the Xvid 1.1.2 Video Codec Library has a security hole which attackers could use to gain control over a PC. For a successful attack, a victim only needs to open a prepared Xvid-AVI file with an application which makes calls to the library. Both Windows and Linux applications are affected.
The errors are located in the file mbcoding.c in the get_intra_block, get_inter_block_h263 and get_inter_block_mpeg functions. Array indexing errors can lead to an overrun which throws parts of the memory into confusion.
The problem is not restricted to AVI files alone but also affects all container formats such as MP4, Ogg and Matroska.