Comment 3 for bug 185034

In , lars (lars-chaotika) wrote :

The vulnerabilities are caused due to boundary errors within the "rmff_dump_cont()" function in input/libreal/rmff.c when processing the SDP "Title", "Author", "Copyright", and "Abstract" attributes. These can be exploited to cause a heap-based buffer overflow by tricking the user into connecting to a malicious RTSP server.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are confirmed in version 1.1.9. Other versions may also be affected.

Solution: no upstream fix available, so "Do not connect to untrusted streaming servers."...
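
Added example, not part of the comment above and not the affected project's code: a sketch of the kind of boundary check whose absence produces this class of overflow when server-supplied strings are serialized into a fixed-size heap buffer. The struct, function names and the layout (a 16-bit big-endian length followed by the bytes, for each of the four strings) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical holder for the four SDP-derived strings (not the project's struct). */
struct cont_fields {
    const char *title, *author, *copyright, *abstract;
};

/* Append one string as a 16-bit big-endian length plus its bytes.
 * Returns 0 on success, -1 if the field does not fit in the remaining
 * space or its length cannot be represented in 16 bits. */
static int put_field(uint8_t *buf, size_t cap, size_t *off, const char *s)
{
    size_t len = s ? strlen(s) : 0;
    if (len > UINT16_MAX)
        return -1;
    /* Compare against remaining space; written so the arithmetic cannot wrap. */
    if (*off > cap || cap - *off < 2 + len)
        return -1;
    buf[(*off)++] = (uint8_t)(len >> 8);
    buf[(*off)++] = (uint8_t)(len & 0xff);
    if (len)
        memcpy(buf + *off, s, len);
    *off += len;
    return 0;
}

/* Serialize all four fields into buf, which holds cap bytes.
 * Returns the number of bytes written, or -1 if any field would not fit.
 * No byte at or beyond buf[cap] is ever written. */
long dump_cont_checked(const struct cont_fields *c, uint8_t *buf, size_t cap)
{
    const char *fields[4] = { c->title, c->author, c->copyright, c->abstract };
    size_t off = 0;
    for (int i = 0; i < 4; i++)
        if (put_field(buf, cap, &off, fields[i]) != 0)
            return -1;
    return (long)off;
}

int main(void)
{
    /* Constructed sample values standing in for attributes sent by a server. */
    struct cont_fields c = { "T", "A", "C", "Abs" };
    uint8_t buf[16];
    printf("cap 14: %ld\n", dump_cont_checked(&c, buf, 14));
    printf("cap 13: %ld\n", dump_cont_checked(&c, buf, 13));
    return 0;
}
```

The caller must treat a return of -1 as a rejected header and discard the buffer, since earlier fields may already have been written into it.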