Launchpad CVE tracker

CVE 2008-0238

Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Related bugs and status

CVE-2008-0238 (Candidate) is related to these bugs:

Bug #185034: [xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams

		In	Importance	Status
185034	[xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams	xine-lib (Ubuntu)	Undecided	Invalid
185034	[xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams	xine-lib (Gentoo Linux)	Medium	Fix Released
185034	[xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams	xine-lib (Ubuntu Dapper)	Undecided	Fix Released
185034	[xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams	xine-lib (Ubuntu Feisty)	Undecided	Fix Released
185034	[xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams	xine-lib (Ubuntu Gutsy)	Undecided	Fix Released

Bug #191488: [mplayer] [DSA-1496-1] several buffer overflows

		In	Importance	Status
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Feisty)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Gutsy)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Hardy)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Dapper)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Edgy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

SECUNIA: 28384
MANDRIVA: MDVSA-2008:020
CONFIRM: http://bugs.gentoo.org...
GENTOO: GLSA-200801-12
SECUNIA: 28674
MANDRIVA: MDVSA-2008:045
SECUNIA: 28955
UBUNTU: USN-635-1
SECUNIA: 31393

Launchpad.net

CVE 2008-0238

Related bugs and status

Related bugs

References