Launchpad.net

CVE 2008-1558

Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow.

Related bugs and status

CVE-2008-1558 (Candidate) is related to these bugs:

Bug #212601: [CVE-2008-1558] arbitrary code execution via uncontrolled array index

		In	Importance	Status
212601	[CVE-2008-1558] arbitrary code execution via uncontrolled array index	mplayer (Ubuntu)	Undecided	Fix Released
212601	[CVE-2008-1558] arbitrary code execution via uncontrolled array index	mplayer (Ubuntu Dapper)	Undecided	Fix Released
212601	[CVE-2008-1558] arbitrary code execution via uncontrolled array index	mplayer (Ubuntu Edgy)	Undecided	Won't Fix
212601	[CVE-2008-1558] arbitrary code execution via uncontrolled array index	mplayer (Ubuntu Feisty)	Undecided	Won't Fix
212601	[CVE-2008-1558] arbitrary code execution via uncontrolled array index	mplayer (Ubuntu Gutsy)	Undecided	Fix Released
212601	[CVE-2008-1558] arbitrary code execution via uncontrolled array index	mplayer (Ubuntu Hardy)	Undecided	Fix Released
212601	[CVE-2008-1558] arbitrary code execution via uncontrolled array index	mplayer (Debian)	Unknown	Fix Released

Bug #279030: [CVE-2008-3827] Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service

		In	Importance	Status
279030	[CVE-2008-3827] Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service	mplayer (Ubuntu)	Medium	Fix Released
279030	[CVE-2008-3827] Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service	mplayer (Ubuntu Dapper)	Medium	Fix Released
279030	[CVE-2008-3827] Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service	mplayer (Ubuntu Gutsy)	Medium	Fix Released
279030	[CVE-2008-3827] Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service	mplayer (Ubuntu Hardy)	Medium	Fix Released
279030	[CVE-2008-3827] Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service	mplayer (Ubuntu Intrepid)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

SECUNIA: 29515
DEBIAN: DSA-1552
SECUNIA: 29921
BID: 28851
MANDRIVA: MDVSA-2008:196
SECUNIA: 30412
GENTOO: GLSA-200805-22
VUPEN: ADV-2008-0997
XF: mplayer-sdpplin-overfl...
EXPLOIT-DB: 5307