CVE-2008-0073

Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
flexeraCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
xinexine-lib
1.1.10.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vlc
bullseye (security)
3.0.21-0+deb11u1
fixed
bullseye
3.0.21-0+deb11u1
fixed
bookworm
3.0.21-0+deb12u1
fixed
bookworm (security)
3.0.21-0+deb12u1
fixed
sid
3.0.21-2
fixed
trixie
3.0.21-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mplayer
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
gutsy
ignored
feisty
ignored
edgy
ignored
dapper
ignored
vlc
oneiric
Fixed 0.8.6.release.e+zdebian-2.3ubuntu1
released
natty
Fixed 0.8.6.release.e+zdebian-2.3ubuntu1
released
maverick
Fixed 0.8.6.release.e+zdebian-2.3ubuntu1
released
lucid
Fixed 0.8.6.release.e+zdebian-2.3ubuntu1
released
karmic
Fixed 0.8.6.release.e+zdebian-2.3ubuntu1
released
jaunty
Fixed 0.8.6.release.e+zdebian-2.3ubuntu1
released
intrepid
Fixed 0.8.6.release.e+zdebian-2.3ubuntu1
released
hardy
Fixed 0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.1
released
gutsy
ignored
feisty
ignored
edgy
ignored
dapper
ignored
xine-lib
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
Fixed 1.1.7-1ubuntu1.3
released
feisty
Fixed 1.1.4-2ubuntu3.1
released
edgy
ignored
dapper
Fixed 1.1.1+ubuntu2-7.9
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
http://secunia.com/advisories/28694
http://secunia.com/advisories/29392
http://secunia.com/advisories/29472
http://secunia.com/advisories/29503
http://secunia.com/advisories/29578
http://secunia.com/advisories/29601
http://secunia.com/advisories/29740
http://secunia.com/advisories/29766
http://secunia.com/advisories/29800
http://secunia.com/advisories/30581
http://secunia.com/advisories/31372
http://secunia.com/advisories/31393
http://secunia.com/secunia_research/2008-10/
http://security.gentoo.org/glsa/glsa-200804-25.xml
http://security.gentoo.org/glsa/glsa-200808-01.xml
http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655
http://wiki.videolan.org/Changelog/0.8.6f
http://www.debian.org/security/2008/dsa-1536
http://www.debian.org/security/2008/dsa-1543
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
http://www.securityfocus.com/bid/28312
http://www.securitytracker.com/id?1019682
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408
http://www.ubuntu.com/usn/usn-635-1
http://www.videolan.org/security/sa0803.php
http://www.vupen.com/english/advisories/2008/0923
http://www.vupen.com/english/advisories/2008/0985
http://xinehq.de/index.php/news
https://exchange.xforce.ibmcloud.com/vulnerabilities/41339
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
http://secunia.com/advisories/28694
http://secunia.com/advisories/29392
http://secunia.com/advisories/29472
http://secunia.com/advisories/29503
http://secunia.com/advisories/29578
http://secunia.com/advisories/29601
http://secunia.com/advisories/29740
http://secunia.com/advisories/29766
http://secunia.com/advisories/29800
http://secunia.com/advisories/30581
http://secunia.com/advisories/31372
http://secunia.com/advisories/31393
http://secunia.com/secunia_research/2008-10/
http://security.gentoo.org/glsa/glsa-200804-25.xml
http://security.gentoo.org/glsa/glsa-200808-01.xml
http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655
http://wiki.videolan.org/Changelog/0.8.6f
http://www.debian.org/security/2008/dsa-1536
http://www.debian.org/security/2008/dsa-1543
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
http://www.securityfocus.com/bid/28312
http://www.securitytracker.com/id?1019682
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408
http://www.ubuntu.com/usn/usn-635-1
http://www.videolan.org/security/sa0803.php
http://www.vupen.com/english/advisories/2008/0923
http://www.vupen.com/english/advisories/2008/0985
http://xinehq.de/index.php/news
https://exchange.xforce.ibmcloud.com/vulnerabilities/41339
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html