Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0225

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2008-0225
Last Modified 17 Oct 2011 12:00:00
Published 10 Jan 2008 06:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0225

Summary

Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Xine-lib 1.1.9


References

FEDORA - FEDORA-2008-0718

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=428620

VUPEN - ADV-2008-0163

UBUNTU - USN-635-1

BID - 27198

SUSE - SUSE-SR:2008:002

MANDRIVA - MDVSA-2008:045

MANDRIVA - MDVSA-2008:020

DEBIAN - DSA-1472

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=567872

GENTOO - GLSA-200801-12

SECUNIA - 31393

SECUNIA - 28955

SECUNIA - 28674

SECUNIA - 28636

SECUNIA - 28507

SECUNIA - 28489

SECUNIA - 28384

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=205197

MISC - http://aluigi.altervista.org/adv/xinermffhof-adv.txt


Last Updated: 27 May 2016 10:46:43