Context Navigation

← Previous Ticket
Next Ticket →

#1042 closed defect (fixed)

Possible Array Indexing Vulnerability which lets injecting code in sdpplin_parse()

Reported by:	turkay.eren@…	Owned by:	r_togni@…
Priority:	important	Component:	streaming
Version:	unspecified	Severity:	critical
Keywords:		Cc:
Blocked By:		Blocking:
Reproduced by developer:	no	Analyzed by developer:	no

Description

Secunia has just released an advisory [0] for xine-lib telling that RTSP streams can be used to inject a code. Xine developers have fixed it and the url of commit for it is [1].

The same code lies in MPlayer too and there could be a security flaw.

[0] http://secunia.com/secunia_research/2008-10/advisory/

[1] http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=12cb075fba8ea09813fc35e0c731d2a64265b637;style=raw

Change History (1)

comment:1 by r_togni@…, 16 years ago

Resolution:	→ fixed
Status:	new → closed

This is fixed by Reimar in svn r26299

Note: See TracTickets for help on using tickets.

Download in other formats: