Launchpad CVE tracker

CVE 2008-0225

Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2008-0225 (Candidate) is related to these bugs:

Bug #181949: Please sync xine-lib (main) from Debian unstable (main)

Summary				In	Importance	Status
	181949	Please sync xine-lib (main) from Debian unstable (main)		xine-lib (Ubuntu)	Undecided	Fix Released

Bug #185034: [xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams

		In	Importance	Status
185034	[xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams	xine-lib (Ubuntu)	Undecided	Invalid
185034	[xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams	xine-lib (Gentoo Linux)	Medium	Fix Released
185034	[xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams	xine-lib (Ubuntu Dapper)	Undecided	Fix Released
185034	[xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams	xine-lib (Ubuntu Feisty)	Undecided	Fix Released
185034	[xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams	xine-lib (Ubuntu Gutsy)	Undecided	Fix Released

Bug #191488: [mplayer] [DSA-1496-1] several buffer overflows

		In	Importance	Status
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Feisty)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Gutsy)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Hardy)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Dapper)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Edgy)	High	Fix Released

Bug #922668: Sync xine-lib-1.2 1.2.0-5 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	922668	Sync xine-lib-1.2 1.2.0-5 (universe) from Debian unstable (main)		xine-lib-1.2 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-0225

References