Alleged critical holes in Xvid


According to reports from several security services, the Xvid 1.1.2 Video Codec Library has a security hole which attackers could use to gain control over a PC. For a successful attack, a victim only needs to open a prepared Xvid-AVI file with an application which makes calls to the library. Both Windows and Linux applications are affected.

The errors are located in the file mbcoding.c, in the get_intra_block, get_inter_block_h263 and get_inter_block_mpeg functions. Array indexing errors can lead to an overrun that corrupts parts of memory.
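
As an added illustration of the bug class described above (not Xvid's code and not part of the original article): a simplified block decoder showing where an index derived from stream data has to be bounds-checked before it is used to write into a 64-entry coefficient block. The run/level event layout and all names (`rl_event`, `decode_block_checked`, `guard_intact_after`) are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed illustration, not Xvid source: one decoded (run, level, last)
 * event, as a variable-length-code reader would hand it to a block decoder. */
typedef struct { uint8_t run; int16_t level; uint8_t last; } rl_event;

#define BLOCK_COEFFS 64  /* an 8x8 block holds 64 coefficients */

/* Fill an 8x8 coefficient block from untrusted events.
 * Returns 0 on success, -1 if the stream is malformed. */
int decode_block_checked(const rl_event *ev, size_t n_ev,
                         int16_t block[BLOCK_COEFFS])
{
    unsigned pos = 0;
    memset(block, 0, BLOCK_COEFFS * sizeof block[0]);

    for (size_t i = 0; i < n_ev; i++) {
        pos += ev[i].run;            /* skip 'run' zero coefficients */
        /* An unchecked decoder would write block[pos] here without looking
         * at pos; runs that sum past 63 then land outside the array. */
        if (pos >= BLOCK_COEFFS)
            return -1;               /* reject instead of writing */
        block[pos++] = ev[i].level;
        if (ev[i].last)
            return 0;
    }
    return -1;                       /* stream ended without a 'last' event */
}

/* Constructed sample inputs: a well-formed block and one whose runs
 * add up to an index beyond the end of the block. */
const rl_event good_stream[] = { {0, 12, 0}, {2, -3, 0}, {5, 1, 1} };
const rl_event bad_stream[]  = { {60, 7, 0}, {10, 9, 1} };

/* Decode into a block that is followed by a guard word and report
 * whether the guard survived; *rc receives the decoder's return code. */
int guard_intact_after(const rl_event *ev, size_t n, int *rc)
{
    struct { int16_t block[BLOCK_COEFFS]; uint32_t guard; } m;
    m.guard = 0xA5A5A5A5u;
    *rc = decode_block_checked(ev, n, m.block);
    return m.guard == 0xA5A5A5A5u;
}
```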

The problem is not restricted to AVI files; it affects all container formats, such as MP4, Ogg and Matroska.
