Opened 12 years ago

Closed 12 years ago

#1042 closed defect (fixed)

Possible Array Indexing Vulnerability which lets injecting code in sdpplin_parse()

Reported by: turkay.eren@… Owned by: r_togni@…
Priority: important Component: streaming
Version: unspecified Severity: critical
Keywords: Cc:
Blocked By: Blocking:
Reproduced by developer: Analyzed by developer:


Secunia has just released an advisory [0] for xine-lib telling that RTSP streams can be used to inject a code. Xine developers have fixed it and the url of commit for it is [1].

The same code lies in MPlayer too and there could be a security flaw.



Change History (1)

comment:1 Changed 12 years ago by r_togni@…

  • Resolution set to fixed
  • Status changed from new to closed

This is fixed by Reimar in svn r26299

Note: See TracTickets for help on using tickets.