
xine/lib

[ GLSA 200804-17 ] Speex: User-assisted execution of arbitrary code

===========

oCERT reported that the Speex library does not properly validate the
"mode" value it derives from Speex streams, allowing for array indexing
vulnerabilities inside multiple player applications. Within Gentoo,
xine-lib, VLC, gst-plugins-speex from the GStreamer Good Plug-ins,
vorbis-tools, libfishsound, Sweep, SDL_sound, and speexdec were found
to be vulnerable.

Impact
======

[USN-930-1] Firefox and Xulrunner vulnerabilities

- helix-player is not currently supported in Firefox 3.6. This is a known
  issue and may be fixed in a future update.
- RealAudio via the totem plugin is no longer supported in Firefox 3.6 in
  Ubuntu 8.04 LTS. Affected users navigating to Real content will be
  prompted to install optional community supported packages.
- In Ubuntu 8.04 LTS the xine plugin is non-functional. After upgrading to
  Firefox 3.6, the plugin may cause the browser to crash, while in Firefox
  3.0 it would be silently ignored. Users are advised to uninstall
  xine-plugin and/or gxineplugin.
- Plugins using external helpers (such as Totem) may not close when using
  the Epiphany browser. This is a known issue being tracked in

re-testing of zzuf results

Seems only vlc devs did their homework (Sam Hocevar is part of the vlc team).
Interestingly enough, even firefox seems to have had a gif-crasher for a year.
 
gstreamer crash by lol-ffplay.mpg lol-gstreamer.m2v lol-mplayer.m2v 
lol-mplayer.mpg lol-vlc.m2v lol-vlc.mpg 
endless loop by lol-ffplay.m2v lol-xine.mpg
 
mplayer hang by lol-mplayer.wmv,
crash by lol-ffplay.flac lol-mplayer.aac lol-mplayer.mpg lol-mplayer.ogg 
lol-ogg123.flac lol-vlc.aac lol-xine.aac
 
