N/A

Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file. NOTE: some of these details are obtained from third party information.

N/A

N/A

Xvid视频解码器DirectShow初始化逻辑堆溢出漏洞

Xvid是一款流行的视频解码器。 Xvid视频解码器的DirectShow组件在处理初始化失败情况时存在逻辑错误，在创建贴图管线中的某个点如果出现了内存分配错误的话，就会使用错误的返回值，这最终允许攻击者使用指向了无效或已释放内存的数据结构继续解码视频。成功利用这个漏洞的攻击者可以触发堆溢出，导致执行任意代码。

N/A

N/A