Red Hat Bugzilla – Bug 438182
CVE-2008-0073 xine-lib: sdpplin_parse() Array Indexing Vulnerability
Last modified: 2008-04-09 01:16:46 EDT
Alin Rad Pop of Secunia Research discovered following flaw affecting xine-lib:
Secunia Research has discovered a vulnerability in xine-lib, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the
"sdpplin_parse()" function in input/libreal/sdpplin.c. This can be exploited to
overwrite arbitrary memory regions via an overly large "streamid" SDP parameter
included in a malicious RTSP stream.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 220.127.116.11. Other versions may also be
Do not open untrusted RTSP streams.
A patch or updated version should be available shortly.
According to Gentoo bug, this issue also affects VLC.
Issue should be addressed in next upstream version 1.1.11 (not yet available).
Patch is aviable in the xine bugzilla.
Direct link to patch:
I'm working on updating F-8+ to 1.1.11.
xine-lib-1.1.11-1.fc8 has been submitted as an update for Fedora 8
Rawhide build is waiting for aalib to be fixed (#438250).
xine-lib-1.1.11-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
xine-lib-18.104.22.168-1.fc7 has been submitted as an update for Fedora 7
xine-lib-22.214.171.124-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.