Launchpad.net

CVE 2008-0073

Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

Related bugs and status

CVE-2008-0073 (Candidate) is related to these bugs:

Bug #73271: flv audio lag

Summary				In	Importance	Status
	73271	flv audio lag		mplayer (Ubuntu)	Medium	Fix Released

Bug #74282: Altivec detection broken on G3 (multiple packages)

		In	Importance	Status
74282	Altivec detection broken on G3 (multiple packages)	ffmpeg (Ubuntu)	Undecided	Fix Released
74282	Altivec detection broken on G3 (multiple packages)	mplayer (Ubuntu)	Undecided	Fix Released
74282	Altivec detection broken on G3 (multiple packages)	mplayer (Debian)	Unknown	Confirmed

Bug #195700: [xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer

		In	Importance	Status
195700	[xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer	xine-lib (Ubuntu)	Undecided	Fix Released
195700	[xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer	xine-lib (Ubuntu Dapper)	High	Fix Released
195700	[xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer	xine-lib (Ubuntu Feisty)	High	Fix Released
195700	[xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer	xine-lib (Ubuntu Gutsy)	High	Fix Released

Bug #204557: Freeze exception for xine-lib 1.1.11

Summary				In	Importance	Status
	204557	Freeze exception for xine-lib 1.1.11		xine-lib (Ubuntu)	Undecided	Fix Released

Bug #210163: [xine-lib] [DSA-1536-1] several vulnerabilities

		In	Importance	Status
210163	[xine-lib] [DSA-1536-1] several vulnerabilities	xine-lib (Ubuntu)	Undecided	Fix Released
210163	[xine-lib] [DSA-1536-1] several vulnerabilities	xine-lib (Debian)	Unknown	Fix Released
210163	[xine-lib] [DSA-1536-1] several vulnerabilities	xine-lib (Ubuntu Dapper)	High	Fix Released
210163	[xine-lib] [DSA-1536-1] several vulnerabilities	xine-lib (Ubuntu Feisty)	High	Fix Released
210163	[xine-lib] [DSA-1536-1] several vulnerabilities	xine-lib (Ubuntu Gutsy)	High	Fix Released

Bug #214977: [vlc] [DSA-1543-1] several vulnerabilities

Summary				In	Importance	Status
	214977	[vlc] [DSA-1543-1] several vulnerabilities		vlc (Ubuntu)	Undecided	New

Bug #238873: vlc in Hardy needs a security update

		In	Importance	Status
238873	vlc in Hardy needs a security update	vlc (Ubuntu)	High	Fix Released
238873	vlc in Hardy needs a security update	vlc (Ubuntu Dapper)	Undecided	Invalid
238873	vlc in Hardy needs a security update	vlc (Ubuntu Feisty)	Undecided	Won't Fix
238873	vlc in Hardy needs a security update	vlc (Ubuntu Gutsy)	Undecided	Won't Fix
238873	vlc in Hardy needs a security update	vlc (Ubuntu Intrepid)	High	Fix Released
238873	vlc in Hardy needs a security update	vlc (Ubuntu Hardy)	High	Fix Released

Bug #243453: Please Upgrade Mplayer

Summary				In	Importance	Status
	243453	Please Upgrade Mplayer		mplayer (Ubuntu)	Wishlist	Fix Released
	243453	Please Upgrade Mplayer		Medibuntu	Undecided	Invalid

Bug #246675: mplayer doesn't start immediately

Summary				In	Importance	Status
	246675	mplayer doesn't start immediately		mplayer (Ubuntu)	Undecided	Fix Released

Bug #260918: needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")

		In	Importance	Status
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	libv4l (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camorama (Debian)	Unknown	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	libv4l (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	xawtv (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	xawtv (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	gst-plugins-good0.10 (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	gst-plugins-good0.10 (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	pwlib (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	pwlib (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camorama (Ubuntu)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camorama (Ubuntu Intrepid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	vlc (Ubuntu)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	vlc (Ubuntu Intrepid)	Undecided	Won't Fix
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	mplayer (Ubuntu)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	mplayer (Ubuntu Intrepid)	Undecided	Won't Fix
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	amsn (Ubuntu)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	amsn (Ubuntu Intrepid)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	came (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	came (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camstream (Ubuntu)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camstream (Ubuntu Intrepid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	gst-plugins-good0.10 (Fedora)	Low	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	pwlib (Fedora)	Low	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	xawtv (Fedora)	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Ekiga	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	gst-plugins-good	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	ekiga (Ubuntu)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	ekiga (Ubuntu Intrepid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Kopete	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	VLC media player	Unknown	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Medibuntu	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	GStreamer	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Cheese	Critical	Unknown
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Wine	Medium	Confirmed
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	OpenCV	Unknown	Unknown
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Kdenlive	Unknown	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	cheese (Ubuntu)	High	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	cheese (Ubuntu Intrepid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	cheese (Ubuntu Lucid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Mozilla Firefox	Medium	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Adobe Flash Plugin Tools	Undecided	Won't Fix

Bug #308939: CVE-2008-5616: mplayer buffer overflow which can be triggered using specially crafted TwinVQ files

Summary				In	Importance	Status
	308939	CVE-2008-5616: mplayer buffer overflow which can be triggered using specially crafted TwinVQ files		mplayer (Ubuntu)	Undecided	Fix Released

Bug #336697: Sync with MPlayer SVN as recommended by countless MPlayer devs

Summary				In	Importance	Status
	336697	Sync with MPlayer SVN as recommended by countless MPlayer devs		mplayer (Ubuntu)	Undecided	Fix Released
	336697	Sync with MPlayer SVN as recommended by countless MPlayer devs		MPlayer	Undecided	Invalid

Bug #347021: mplayer can't play some recent flv video

Summary				In	Importance	Status
	347021	mplayer can't play some recent flv video		mplayer (Ubuntu)	Undecided	Fix Released

Bug #922668: Sync xine-lib-1.2 1.2.0-5 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	922668	Sync xine-lib-1.2 1.2.0-5 (universe) from Debian unstable (main)		xine-lib-1.2 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/sec...
CONFIRM: http://xinehq.de/index...
BID: 28312
SECUNIA: 28694
FEDORA: FEDORA-2008-2569
SECTRACK: 1019682
SECUNIA: 29472
DEBIAN: DSA-1536
SUSE: SUSE-SR:2008:007
SECUNIA: 29392
SECUNIA: 29578
SECUNIA: 29601
DEBIAN: DSA-1543
FEDORA: FEDORA-2008-2945
SECUNIA: 29766
SECUNIA: 29740
GENTOO: GLSA-200804-25
CONFIRM: http://wiki.videolan.o...
CONFIRM: http://www.videolan.or...
SECUNIA: 29800
SUSE: SUSE-SR:2008:012
SECUNIA: 30581
GENTOO: GLSA-200808-01
MANDRIVA: MDVSA-2008:178
UBUNTU: USN-635-1
SECUNIA: 31372
SECUNIA: 31393
MANDRIVA: MDVSA-2008:219
SECUNIA: 29503
VUPEN: ADV-2008-0985
VUPEN: ADV-2008-0923
CONFIRM: http://sourceforge.net...
SLACKWARE: SSA:2008-089-03
XF: xinelib-sdpplinparse-b...