Opened 11 years ago

Closed 11 years ago

#1042 closed defect (fixed)

Possible Array Indexing Vulnerability which lets injecting code in sdpplin_parse()

Reported by: turkay.eren@… Owned by: r_togni@…
Priority: important Component: streaming
Version: unspecified Severity: critical
Keywords: Cc:
Blocked By: Blocking:
Reproduced by developer: Analyzed by developer:

Description

Secunia has just released an advisory [0] for xine-lib telling that RTSP streams can be used to inject a code. Xine developers have fixed it and the url of commit for it is [1].

The same code lies in MPlayer too and there could be a security flaw.

[0] http://secunia.com/secunia_research/2008-10/advisory/

[1] http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=12cb075fba8ea09813fc35e0c731d2a64265b637;style=raw

Change History (1)

comment:1 Changed 11 years ago by r_togni@…

  • Resolution set to fixed
  • Status changed from new to closed

This is fixed by Reimar in svn r26299

Note: See TracTickets for help on using tickets.