
xine-lib: arbitrary code execution

Package(s): xine-lib
CVE #(s): CVE-2008-0073
Created: March 24, 2008
Updated: October 30, 2008
Description:

From the Red Hat bugzilla:

Secunia Research has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "sdpplin_parse()" function in input/libreal/sdpplin.c. This can be exploited to overwrite arbitrary memory regions via an overly large "streamid" SDP parameter included in a malicious RTSP stream.

Successful exploitation allows execution of arbitrary code.
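
The kind of boundary check the description refers to, as an added example that is not xine-lib's code and not part of the quoted advisory: a simplified C model in which a stream id parsed from an SDP line is validated against the size of the slot table before it is used as an index. The struct, the function names and the `a=StreamId:integer;` line syntax are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model (hypothetical names, not xine-lib's structures). */
typedef struct {
    unsigned int stream_count;  /* number of slots in stream[] */
    int *stream;                /* 1 = slot filled */
} sdp_desc_t;
/* Parse "a=StreamId:integer;<n>" (assumed syntax); 0 on success, -1 if malformed. */
static int parse_stream_id(const char *line, unsigned int *id)
{
    static const char prefix[] = "a=StreamId:integer;";
    char *end;
    unsigned long v;
    if (strncmp(line, prefix, sizeof(prefix) - 1) != 0)
        return -1;
    line += sizeof(prefix) - 1;
    if (*line < '0' || *line > '9')   /* reject sign, whitespace, empty value */
        return -1;
    errno = 0;
    v = strtoul(line, &end, 10);
    if (errno == ERANGE || v > UINT_MAX || (*end && *end != '\r' && *end != '\n'))
        return -1;
    *id = (unsigned int)v;
    return 0;
}

/* Check the untrusted id against the table size before indexing. */
int store_stream(sdp_desc_t *desc, const char *line)
{
    unsigned int id;
    if (!desc || !desc->stream || parse_stream_id(line, &id) != 0)
        return -1;
    if (id >= desc->stream_count)     /* the boundary check */
        return -1;
    desc->stream[id] = 1;
    return 0;
}

int main(void)
{
    int slots[4] = {0};               /* constructed sample input below */
    sdp_desc_t d = { 4, slots };
    printf("%d %d\n", store_stream(&d, "a=StreamId:integer;2"),
           store_stream(&d, "a=StreamId:integer;65535"));
    return 0;
}
```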

Alerts:
Mandriva MDVSA-2008:219 mplayer 2008-10-29
Fedora FEDORA-2008-7572 xine-lib 2008-09-05
Mandriva MDVSA-2008:178 xine-lib 2008-08-20
Ubuntu USN-635-1 xine-lib 2008-08-06
Gentoo 200808-01 xine-lib 2008-08-06
SuSE SUSE-SR:2008:012 xine, xemacs, emacs, opensuse-updater, libvorbis, vorbis-tools, pdns-recursor, openwsman 2008-06-06
Gentoo 200804-25 vlc 2008-04-23
Debian DSA-1543-1 vlc 2008-04-09
Fedora FEDORA-2008-2945 xine-lib 2008-04-08
Debian DSA-1536-1 xine-lib 2008-03-31
Slackware SSA:2008-089-03 xine-lib 2008-03-31
SuSE SUSE-SR:2008:007 unzip, tomcat, moodle, xine 2008-03-28
Fedora FEDORA-2008-2569 xine-lib 2008-03-21
