CVE-2008-0073 - Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allo

CVE-2008-0073

Summary

Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

References

Vulnerable Configurations

cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 08-08-2017 - 01:29)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	28312
confirm	http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655 http://wiki.videolan.org/Changelog/0.8.6f http://www.videolan.org/security/sa0803.php http://xinehq.de/index.php/news
debian	DSA-1536 DSA-1543
fedora	FEDORA-2008-2569 FEDORA-2008-2945
gentoo	GLSA-200804-25 GLSA-200808-01
mandriva	MDVSA-2008:178 MDVSA-2008:219
misc	http://secunia.com/secunia_research/2008-10/
sectrack	1019682
secunia	28694 29392 29472 29503 29578 29601 29740 29766 29800 30581 31372 31393
slackware	SSA:2008-089-03
suse	SUSE-SR:2008:007 SUSE-SR:2008:012
ubuntu	USN-635-1
vupen	ADV-2008-0923 ADV-2008-0985
xf	xinelib-sdpplinparse-bo(41339)

Last major update

08-08-2017 - 01:29

Published

24-03-2008 - 22:44

Last modified

08-08-2017 - 01:29