PT-2008-1143 · Xine+1 · Xine Library+1

Luigi Auriemma

Published

2008-01-16

Updated

2017-09-29

CVE-2008-0295

CVSS v2.0

8.5

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions VideoLAN VLC Media Player versions 0.8.6d and earlier

Description The issue is related to a heap-based buffer overflow in the real sdpplin.c module of the Xine library, used in VideoLAN VLC Media Player. This allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. The exploitation of this issue can lead to the execution of arbitrary code or a denial of service.

Recommendations For versions 0.8.6d and earlier, consider disabling the real sdpplin.c module or restricting the use of long SDP data to minimize the risk of exploitation until a patch is available.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2019-03964

CVE-2008-0295

DSA-1543-1

DTSA-111-1

Affected Products

Videolan Vlc Media Player

Xine Library

PT-2008-1143 · Xine+1 · Xine Library+1

CVE-2008-0295

Weakness Enumeration

Related Identifiers

Affected Products

References · 22