PT-2008-6892 · Xine · Xine-Lib

Published

1970-01-01

Updated

2011-10-17

CVE-2008-0225

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions xine-lib versions 1.1.9 and earlier

Description The issue is related to a heap-based buffer overflow in the rmff dump cont function, which can be exploited by remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session. This is due to the disregarding of the max field, related to the rmff dump header function. The vulnerability can lead to a violation of confidentiality and integrity of protected information and can be exploited remotely.

Recommendations For xine-lib versions 1.1.9 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2015-01751

BDU:2015-01752

BDU:2015-02554

CVE-2008-0225

DSA-1472-1

DTSA-109-1

Affected Products

Xine-Lib

PT-2008-6892 · Xine · Xine-Lib

CVE-2008-0225

Weakness Enumeration

Related Identifiers

Affected Products

References · 27