Published: 24/03/2008 Updated: 08/08/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xine xine-lib 1.1.10.1

Alin Rad Pop discovered an array index vulnerability in the SDP parser If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program (CVE-2008-0073) ...

Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1246 / CVE-2007-1387 The DMO_VideoDecoder_Open ...

Debian Bug report logs - #489004 vlc: CVE-2008-2430 heap overflow in wav fmt chunk parsing Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Wed, 2 Jul 2008 17:21:07 U ...

Debian Bug report logs - #475152 libfishsound: CVE-2008-1686 code execution via crafted header containing negative offsets Package: libfishsound1; Maintainer for libfishsound1 is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for libfishsound1 is src:libfishsound (PTS, buildd, popcon) Reported by: ...

Debian Bug report logs - #473057 vlc: CVE-2008-0073 code execution via crafted rtsp stream Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Fri, 28 Mar 2008 01:18:01 U ...

Debian Bug report logs - #472635 vlc CVE-2008-1489: integer overflow leading to heap overflow Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Tue, 25 Mar 2008 13:27:0 ...

Debian Bug report logs - #473056 mplayer: CVE-2008-0073 remote code execution via crafted rtsp stream Package: mplayer; Maintainer for mplayer is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for mplayer is src:mplayer (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: ...

MPlayer sdpplin_parse() array indexing proof of concept buffer overflow exploit ...

#!/usr/bin/python # # Kantaris 034 Media Player Local Buffer Overflow [0day!] # # The following exploit will make a filmssa file, # just rename the file with the name of your movie, and use your imagination # to pwn! :) # Shellcode is local bind shell, just telnet to port:4444 to get command prompt :) # # BIG thanks to muts <muts[at]offensi ...

CVE-2008-0073

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect