Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19504
HistoryMar 25, 2008 - 12:00 a.m.

[Full-disclosure] CVE-2008-0073 - MPlayer and VLC "sdpplin_parse()" Array Indexing Vulnerability

2008-03-2500:00:00
vulners.com
22
JSON

Hello,

CVE-2008-0073 apply also to MPlayer and VLC.

-MPlayer-1.0-rc2, stream/realrtsp/sdpplin.c:

161: desc->stream_id=atoi(buf);
283: desc->stream[stream->stream_id]=stream;

  • vlc-0.8.6e, modules/access/rtsp/real_sdpplin.c:

141: desc->stream_id=atoi(buf);
257: desc->stream[stream->stream_id]=stream;

With MPlayer:

eax 0xa0737008 // pointer to desc->stream
edx 0x0495badd // "streamid" value (76921565)
edi 0x089b59e8 // pointer to stream
<sdpplin_parse+731>: mov DWORD PTR [eax+edx*4],edi

http://www.milw0rm.com/exploits/5307

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Related

nessus 14
slackware 1
exploitpack 1
debiancve 1
fedora 3
packetstorm 1
openvas 14
cve 1
prion 1
ubuntucve 1
redhatcve 1
seebug 2
exploitdb 1
gentoo 2
securityvulns 1
debian 2
osv 2
ubuntu 1
nessus
nessus
Fedora 8 : xine-lib-1.1.11-1.fc8 (2008-2569)
2008-03-26 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / current : xine-lib (SSA:2008-089-03)
2008-03-31 00:00:00
SuSE 10 Security Update : xine (ZYPP Patch Number 5116)
2008-04-01 00:00:00
slackware
slackware
[slackware-security] xine-lib
2008-03-30 00:05:12
exploitpack
exploitpack
MPlayer 1.0 rc2 - sdpplin_parse() Array Indexing Buffer Overflow (PoC)
2008-03-25 00:00:00
debiancve
debiancve
CVE-2008-0073
2008-03-24 22:44:00
fedora
fedora
[SECURITY] Fedora 8 Update: xine-lib-1.1.11-1.fc8
2008-03-21 22:06:16
[SECURITY] Fedora 7 Update: xine-lib-1.1.11.1-1.fc7
2008-04-09 05:18:08
[SECURITY] Fedora 8 Update: xine-lib-1.1.15-1.fc8
2008-09-10 06:45:50
packetstorm
packetstorm
mplayer-overflowpoc.txt
2008-03-26 00:00:00
openvas
openvas
Fedora Update for xine-lib FEDORA-2008-2569
2009-02-16 00:00:00
Slackware Advisory SSA:2008-089-03 xine-lib
2012-09-11 00:00:00
Slackware Advisory SSA:2008-089-03 xine-lib
2012-09-11 00:00:00
cve
cve
CVE-2008-0073
2008-03-24 22:44:00
prion
prion
Design/Logic Flaw
2008-03-24 22:44:00
ubuntucve
ubuntucve
CVE-2008-0073
2008-03-24 00:00:00
redhatcve
redhatcve
CVE-2008-0073
2019-10-04 21:36:03
seebug
seebug
MPlayer sdpplin_parse() Array Indexing Buffer Overflow Exploit PoC
2008-03-26 00:00:00
xine-lib sdpplin_parse()ε‡½ζ•°θΏœη¨‹ζΊ’ε‡ΊζΌζ΄ž
2008-03-21 00:00:00
exploitdb
exploitdb
MPlayer 1.0 rc2 - &#039;sdpplin_parse()&#039; Array Indexing Buffer Overflow (PoC)
2008-03-25 00:00:00
gentoo
gentoo
xine-lib: User-assisted execution of arbitrary code
2008-08-06 00:00:00
VLC: User-assisted execution of arbitrary code
2008-04-23 00:00:00
securityvulns
securityvulns
Xine / MPlayer / VLC buffer overflow
2008-03-25 00:00:00
debian
debian
[SECURITY] [DSA 1536-1] New libxine packages fix several vulnerabilities
2008-03-31 20:51:58
[SECURITY] [DSA 1543-1] New vlc packages fix several vulnerabilities
2008-04-09 19:26:06
osv
osv
xine-lib - several vulnerabilities
2008-03-31 00:00:00
vlc - several vulnerabilities
2008-04-09 00:00:00
ubuntu
ubuntu
xine-lib vulnerabilities
2008-08-06 00:00:00
JSON
Related for SECURITYVULNS:DOC:19504
nessus14slackware1exploitpack1debiancve1fedora3packetstorm1openvas14cve1prion1ubuntucve1redhatcve1seebug2exploitdb1gentoo2securityvulns1debian2osv2ubuntu1