A buffer overflow vulnerability in Win32 Codecs can potentially allow for user-assisted arbitrary code execution.
Package | media-libs/win32codecs on all architectures |
---|---|
Affected versions | <= 20071007-r4 |
Unaffected versions |
Win32 Codecs is a set of Windows audio and video playback codecs.
A heap-based buffer overflow exists when handling Shockwave Flash files.
A remote attacker could entice a user to open a specially crafted Flash file using a package linked against Win32 Codecs, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
Gentoo has discontinued support for Win32 Codecs. We recommend that users unmerge Win32 Codecs:
# emerge --unmerge "media-libs/win32codecs"
Release date
December 16, 2013
Latest revision
December 16, 2013: 1
Severity
normal
Exploitable
remote
Bugzilla entries