FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-0225

This CVE name corresponds to:

Entered: 2008-01-19
Topic: libxine -- buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2008-0225
Phase: Assigned (20080110)

Description

Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.

References

Source Reference
MISC http://aluigi.altervista.org/adv/xinermffhof-adv.txt
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=428620
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=567872
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=205197
DEBIAN DSA-1472
FEDORA FEDORA-2008-0718
GENTOO GLSA-200801-12
MANDRIVA MDVSA-2008:020
MANDRIVA MDVSA-2008:045
SUSE SUSE-SR:2008:002
UBUNTU USN-635-1
BID 27198
VUPEN ADV-2008-0163
SECUNIA 28384
SECUNIA 28489
SECUNIA 28636
SECUNIA 28674
SECUNIA 28507
SECUNIA 28955
SECUNIA 31393