PublicDate: 2008-01-11 21:46:00 UTC
Candidate: CVE-2008-0238
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0238
 https://ubuntu.com/security/notices/USN-635-1
Description:
 Multiple heap-based buffer overflows in the rmff_dump_cont function in
 input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute
 arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright
 attribute, related to the rmff_dump_header function, different vectors
 than CVE-2008-0225. NOTE: the provenance of this information is unknown;
 the details are obtained solely from third party information.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/mplayer/+bug/191488
Priority: medium
Discovered-by: Luigi Auriemma
Assigned-to: jdstrand
CVSS:

Patches_xine-lib:
upstream_xine-lib: released (1.1.9.1)
dapper_xine-lib: released (1.1.1+ubuntu2-7.9)
edgy_xine-lib: needed (reached end-of-life)
feisty_xine-lib: released (1.1.4-2ubuntu3.1)
gutsy_xine-lib: released (1.1.7-1ubuntu1.3)
hardy_xine-lib: not-affected (1.1.11.1-1ubuntu3)
devel_xine-lib: not-affected (1.1.11.1-1ubuntu3)

Patches_mplayer:
 vendor: http://www.mandriva.com/security/advisories?name=MDVSA-2008:020
upstream_mplayer: not-affected
dapper_mplayer: released (2:0.99+1.0pre7try2+cvs20060117-0ubuntu8.2)
edgy_mplayer: released (2:0.99+1.0pre8-0ubuntu8.3)
feisty_mplayer: released (2:1.0~rc1-0ubuntu9.3)
gutsy_mplayer: released (2:1.0~rc1-0ubuntu13.2)
hardy_mplayer: not-affected
devel_mplayer: not-affected