CVE-2008-0073

Array index error in the sdpplinparse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter...

GLSA-200805-22 : MPlayer: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200805-22 MPlayer: User-assisted execution of arbitrary code ksOSe reported an integer overflow vulnerability in the sdpplinparse function in the file stream/realrtsp/sdpplin.c, which can be exploited to overwrite arbitrary memory...

MPlayer sdpplin_parse()函数RTSP整数溢出漏洞

BUGTRAQ ID: 28851 CVECAN ID: CVE-2008-1558 MPlayer是一款基于Linux的媒体播放程序，支持多种媒体格式。 MPlayer的stream/realrtsp/sdpplin.c文件中的sdpplinparse函数存在整数溢出漏洞： sdpplinparsestream desc-streamid=atoibuf; spplinparse desc-streamstream-streamid=stream; 如果用户所打开的媒体文件中包含有超长的StreamCount SDP参数的话，就可以触发这个溢出，导致执行任意指令。 MPlayer 1....

DEBIAN-CVE-2008-1558

Uncontrolled array index in the sdpplinparse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow...

CVE-2008-1558

CVE-2008-1558 affects MPlayer 1.0_rc2 and relates to an uncontrolled array index/integer overflow in the function sdpplin_parse (stream/realrtsp/sdpplin.c). A large SDP parameter (notably StreamCount) can cause memory overwrite, enabling remote code execution. Public advisories describe this as a...

CVE-2008-1558

Uncontrolled array index in the sdpplinparse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow...

MPlayer sdpplin_parse() Array Indexing Buffer Overflow Exploit PoC

Exploit for linux platform in category dos / poc ================================================================== MPlayer sdpplinparse Array Indexing Buffer Overflow Exploit PoC ================================================================== !/usr/bin/perl Huston, mplayer got some vulns! :...

[Full-disclosure] CVE-2008-0073 - MPlayer and VLC "sdpplin_parse()" Array Indexing Vulnerability

Hello, CVE-2008-0073 apply also to MPlayer and VLC. -MPlayer-1.0-rc2, stream/realrtsp/sdpplin.c: 161: desc-streamid=atoibuf; 283: desc-streamstream-streamid=stream; - vlc-0.8.6e, modules/access/rtsp/realsdpplin.c: 141: desc-streamid=atoibuf; 257: desc-streamstream-streamid=stream; With MPlayer: e...

CVE-2008-0073

Array index error in the sdpplinparse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter...

Design/Logic Flaw

Array index error in the sdpplinparse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter...

DEBIAN-CVE-2008-0073

Array index error in the sdpplinparse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter...

CVE-2008-0073

Array index error in the sdpplinparse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter...

CVE-2008-0073

Array index error in the sdpplinparse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter...

xine-lib sdpplin_parse()函数远程溢出漏洞

BUGTRAQ ID: 28312 CVECAN ID: CVE-2008-0073 xine是一款免费的媒体播放器，支持多种格式。 xine的input/libreal/sdpplin.c文件中的sdpplinparse函数存在缓冲区溢出漏洞，如果恶意的RTSP流中包含有超长的SDP参数的话，就可能触发这个溢出，导致执行任意指令。 xine-lib 1.1.10.1 xine ---- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://xinehq.de/...

VLC Media Player sdpplin_parse() RTSP堆溢出漏洞

BUGTRAQ ID: 27221 VLC Media Player是一款免费的媒体播放器。 VLC在处理畸形格式的数据时存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制用户系统。 VLC所使用的旧版Xine库在modules/access/rtsp/realsdpplin.c文件中存在堆溢出漏洞： sdpplint sdpplinparsechar data sdpplint desc = mallocsizeofsdpplint; sdpplinstreamt stream; char buf=malloc3200; char decoded=malloc3200; ... whil...