Bug#473057: vlc: CVE-2008-0073 code execution via crafted rtsp stream
Christophe Mutricy
xtophe at chewa.net
Fri Mar 28 16:30:13 UTC 2008
Fixed upstream in
http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=8c838a6fe5f3bdb4af4f5f73d7ac0206ea92e029
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for vlc.
>
> CVE-2008-0073CVE-2008-0073[0]:
> | Array index error in the sdpplin_parse function in
> | input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP
> | servers to execute arbitrary code via a large streamid SDP parameter.
>
> It turned out that vlc is also using that code in
> modules/access/rtsp/real_sdpplin.c
--
Xtophe
More information about the pkg-multimedia-maintainers
mailing list