PT-2008-6892 · Xine · Xine-Lib

Publicado

1970-01-01

Atualizado

2011-10-17

CVE-2008-0225

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions xine-lib versions 1.1.9 and earlier

Description The issue is related to a heap-based buffer overflow in the rmff dump cont function, which can be exploited by remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session. This is due to the disregarding of the max field, related to the rmff dump header function. The vulnerability can lead to a violation of confidentiality and integrity of protected information and can be exploited remotely.

Recommendations For xine-lib versions 1.1.9 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2015-01751

BDU:2015-01752

BDU:2015-02554

CVE-2008-0225

DSA-1472-1

DTSA-109-1

Produtos afetados

Xine-Lib

PT-2008-6892 · Xine · Xine-Lib

CVE-2008-0225

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 27