CVE-2008-0225 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2008-0225
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-0225

Description: Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-635-1 SUSE http://www.novell.com/linux/security/advisories/suse_security_summary_report.html SAID Secunia Advisory: SA28384 Secunia Advisory: SA28489 Secunia Advisory: SA28636 Secunia Advisory: SA28674 Secunia Advisory: SA28507 Secunia Advisory: SA28955 Secunia Advisory: SA31393 MISC http://aluigi.altervista.org/adv/xinermffhof-adv.txt MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:045 http://www.mandriva.com/security/advisories?name=MDVSA-2008:020 GENTOO http://security.gentoo.org/glsa/glsa-200801-12.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1472 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=205197 http://sourceforge.net/project/shownotes.php?release_id=567872 BID 27198

Return to the previous page.