[ GLSA 201312-11 ] Win32 Codecs: User-assisted execution of arbitrary code

[GLSA]

Gentoo Linux Security Advisory

Title: Win32 Codecs: User-assisted execution of arbitrary code (GLSA 201312-11)
Severity: normal
Exploitable: remote
Date: December 16, 2013
Bug(s): #232999
ID: 201312-11

Synopsis

A buffer overflow vulnerability in Win32 Codecs can potentially
allow for user-assisted arbitrary code execution.


Background

Win32 Codecs is a set of Windows audio and video playback codecs.

Affected Packages

Package: media-libs/win32codecs
Vulnerable: <= 20071007-r4
Architectures: All supported architectures


Description

A heap-based buffer overflow exists when handling Shockwave Flash files.

Impact

A remote attacker could entice a user to open a specially crafted Flash
file using a package linked against Win32 Codecs, possibly resulting in
execution of arbitrary code with the privileges of the process or a
Denial of Service condition.


Workaround

There is no known workaround at this time.

Resolution

Gentoo has discontinued support for Win32 Codecs. We recommend that
users unmerge Win32 Codecs: