CVE-2008-0073
Published: 24 March 2008
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
Notes
Author | Note |
---|---|
kees | http://www.milw0rm.com/exploits/5307 |
Priority
Status
Package | Release | Status |
---|---|---|
mplayer Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needs-triage)
|
|
feisty |
Ignored
(end of life, was needs-triage)
|
|
gutsy |
Ignored
(end of life, was needs-triage)
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
(1.0rc3+svn20090426-1ubuntu1)
|
|
maverick |
Not vulnerable
(1.0rc3+svn20090426-1ubuntu1)
|
|
natty |
Not vulnerable
(1.0rc3+svn20090426-1ubuntu1)
|
|
oneiric |
Not vulnerable
(1.0rc3+svn20090426-1ubuntu1)
|
|
upstream |
Needs triage
|
|
vlc Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.1)
|
|
intrepid |
Released
(0.8.6.release.e+zdebian-2.3ubuntu1)
|
|
jaunty |
Released
(0.8.6.release.e+zdebian-2.3ubuntu1)
|
|
karmic |
Released
(0.8.6.release.e+zdebian-2.3ubuntu1)
|
|
lucid |
Released
(0.8.6.release.e+zdebian-2.3ubuntu1)
|
|
maverick |
Released
(0.8.6.release.e+zdebian-2.3ubuntu1)
|
|
natty |
Released
(0.8.6.release.e+zdebian-2.3ubuntu1)
|
|
oneiric |
Released
(0.8.6.release.e+zdebian-2.3ubuntu1)
|
|
upstream |
Not vulnerable
(0.8.6f)
|
|
xine-lib Launchpad, Ubuntu, Debian |
dapper |
Released
(1.1.1+ubuntu2-7.9)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Released
(1.1.4-2ubuntu3.1)
|
|
gutsy |
Released
(1.1.7-1ubuntu1.3)
|
|
hardy |
Not vulnerable
(1.1.11.1-1ubuntu1)
|
|
intrepid |
Not vulnerable
(1.1.11.1-1ubuntu1)
|
|
jaunty |
Not vulnerable
(1.1.11.1-1ubuntu1)
|
|
karmic |
Not vulnerable
(1.1.11.1-1ubuntu1)
|
|
lucid |
Not vulnerable
(1.1.11.1-1ubuntu1)
|
|
maverick |
Not vulnerable
(1.1.11.1-1ubuntu1)
|
|
natty |
Not vulnerable
(1.1.11.1-1ubuntu1)
|
|
oneiric |
Not vulnerable
(1.1.11.1-1ubuntu1)
|
|
upstream |
Released
(1.1.11-1)
|
|
Patches: vendor: http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:046 vendor: http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:046-1 vendor: http://www.debian.org/security/2008/dsa-1536 |