Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
xine-lib VideoCD ISO Disk Label Parsing Remote Overflow
Remote / Network Access
Loss of Integrity
A remote overflow exists in xine-lib. The library fails to perform proper bounds checking when parsing the VideoCD disk label, resulting in a stack-based buffer overflow. With a specially crafted VideoCD containing an unterminated disk label, a remote attacker can execute arbitrary code, resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Michael Roitzsch has released a patch to address this vulnerability.
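The bug class described above, shown from the defensive side as an added example; it is not xine-lib or libcdio code and not Michael Roitzsch's patch. It assumes the label is a fixed-width, space-padded field like the 32-byte ISO 9660 volume identifier, and `copy_label`, `demo_copy` and the buffer sizes are hypothetical names and values chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* ISO 9660 volume identifier: fixed 32 bytes, space padded, no NUL. */
#define LABEL_FIELD_LEN 32

/* Hypothetical helper, not xine-lib/libcdio code. Reads at most field_len
 * bytes of src, writes at most dst_size bytes of dst, always terminates.
 * Returns the string length, or (size_t)-1 if dst cannot hold a NUL. */
size_t copy_label(char *dst, size_t dst_size,
                  const unsigned char *src, size_t field_len)
{
    size_t n = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return (size_t)-1;
    while (n < field_len && src[n] != '\0')   /* never rely on a NUL */
        n++;
    while (n > 0 && src[n - 1] == ' ')        /* trim trailing padding */
        n--;
    if (n > dst_size - 1)                     /* truncate, keep room for NUL */
        n = dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Constructed sample: a 32-byte label with no NUL and no padding,
 * followed directly by bytes belonging to the next on-disc field.
 * A strcpy()-style copy would run through both into the destination. */
static char demo_out[64];
const char *demo_copy(size_t cap)
{
    unsigned char sector[48];

    memset(sector, 'A', LABEL_FIELD_LEN);
    memset(sector + LABEL_FIELD_LEN, 'B', sizeof sector - LABEL_FIELD_LEN);
    if (cap > sizeof demo_out)
        cap = sizeof demo_out;
    copy_label(demo_out, cap, sector, LABEL_FIELD_LEN);
    return demo_out;
}

int main(void)
{
    printf("cap 16 -> %zu bytes\n", strlen(demo_copy(16)));
    printf("cap 64 -> %zu bytes\n", strlen(demo_copy(64)));
    return 0;
}
```

The copy is bounded twice: by the width of the source field, so a missing terminator cannot pull in neighbouring data, and by the destination capacity, so an oversized label is truncated instead of overwriting the stack.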