CVE-2008-0073 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2008-0073
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-0073

Description: Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41339 UBUNTU http://www.ubuntu.com/usn/usn-635-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html ST 1019682 SLACKWARE http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408 SAID Secunia Advisory: SA29740 Secunia Advisory: SA29766 Secunia Advisory: SA29601 Secunia Advisory: SA29578 Secunia Advisory: SA29392 Secunia Advisory: SA29472 Secunia Advisory: SA28694 Secunia Advisory: SA29800 Secunia Advisory: SA30581 Secunia Advisory: SA31372 Secunia Advisory: SA31393 MISC http://secunia.com/secunia_research/2008-10/ MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:178 GENTOO http://security.gentoo.org/glsa/glsa-200804-25.xml http://security.gentoo.org/glsa/glsa-200808-01.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1543 http://www.debian.org/security/2008/dsa-1536 CONFIRM http://www.videolan.org/security/sa0803.php http://xinehq.de/index.php/news http://wiki.videolan.org/Changelog/0.8.6f http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655 BID 28312

Return to the previous page.