22 matches found
Mandriva Linux Security Advisory : mplayer (MDVSA-2008:219)
A vulnerability that was discovered in xine-lib that allowed remote RTSP servers to execute arbitrary code via a large streamid SDP parameter also affects MPlayer CVE-2008-0073. Several integer overflows were discovered by Felipe Andres Manzano in MPlayer's Real video stream demuxing code. These...
Mandriva Update for xine-lib MDVSA-2008:178 (xine-lib)
Check for the Version of xine-lib OpenVAS Vulnerability Test Mandriva Update for xine-lib MDVSA-2008:178 xine-lib Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Fedora Update for xine-lib FEDORA-2008-7572
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for xine-lib FEDORA-2008-2569
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Gentoo Security Advisory GLSA 200804-25 (vlc)
The remote host is missing updates announced in advisory GLSA 200804-25. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200808-01 (xine-lib)
The remote host is missing updates announced in advisory GLSA 200808-01. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1543-1 (vlc)
The remote host is missing an update to vlc announced via advisory DSA 1543-1. OpenVAS Vulnerability Test $Id: deb15431.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1543-1 vlc Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Debian DSA-1543-1 : vlc - several vulnerabilities
Luigi Auriemma, Alin Rad Pop, Remi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker...
Fedora 7 : xine-lib-1.1.11.1-1.fc7 (2008-2945)
This updates xine-lib to 1.1.11.1, which fixes the following security vulnerabilities: CVE-2008-0073 array indexing fixed in 1.1.11, CVE-2008-1482 integer overflow fixed in 1.1.11.1. It also provides a versioned xine-lib plugin-abi so 3rd party packages installing plugins can use it instead of...
Debian Security Advisory DSA 1536-1 (xine-lib)
The remote host is missing an update to xine-lib announced via advisory DSA 1536-1. OpenVAS Vulnerability Test $Id: deb15361.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1536-1 xine-lib Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
SuSE 10 Security Update : xine (ZYPP Patch Number 5116)
This update fixes a bug in the function sdpplinparse that allowed remote attackers to access process memory out-of a buffers bound. This vulnerability can be used to execute arbitrary code remotely if successfully exploited. CVE-2008-0073 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Debian DSA-1536-1 : libxine - several vulnerabilities
Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems : -...
[SECURITY] [DSA 1536-1] New libxine packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1536-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 31, 2008 http://www.debian.org/security/faq -...
openSUSE 10 Security Update : xine-devel (xine-devel-5113)
This update fixes a bug in the function sdpplinparse that allowed remote attackers to access process memory out-of a buffers bound. This vulnerability can be used to execute arbitrary code remotely if successfully exploited. CVE-2008-0073 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
[slackware-security] xine-lib
New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2008-0073 Here are the details from the Slackware...
mplayer-overflowpoc.txt
!/usr/bin/perl Huston, mplayer got some vulns! : CVE-2008-0073 also apply to mplayer and vlc with some distinctions. Assuming kernel.varandomize=0 this overwrite EIP with a "stream" structure on my box. The first element of the "stream" structure is a user-supplied buffer so it is not really usef...
Fedora 8 : xine-lib-1.1.11-1.fc8 (2008-2569)
Wed Mar 19 2008 Ville Skytta - 1.1.11-1 - 1.1.11 security update, 438182, CVE-2008-0073. - Drop jack and wavpack build conditionals. - Specfile cleanups. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
[Full-disclosure] CVE-2008-0073 - MPlayer and VLC "sdpplin_parse()" Array Indexing Vulnerability
Hello, CVE-2008-0073 apply also to MPlayer and VLC. -MPlayer-1.0-rc2, stream/realrtsp/sdpplin.c: 161: desc-streamid=atoibuf; 283: desc-streamstream-streamid=stream; - vlc-0.8.6e, modules/access/rtsp/realsdpplin.c: 141: desc-streamid=atoibuf; 257: desc-streamstream-streamid=stream; With MPlayer: e...
CVE-2008-0073
Array index error in the sdpplinparse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter...
CVE-2008-0073
CVE-2008-0073 affects xine-lib, where an array indexing vulnerability in the SDP parser (sdpplin_parse in input/libreal/sdpplin.c) could allow a remote RTSP server to execute arbitrary code via a large SDP streamid parameter. Public advisories across distros (Ubuntu, Gentoo GLSA, Mandriva/MVL) de...