xine-lib
Page content
- Author: vmiklos
- Vulnerable: 1.1.10.1-1
- Unaffected: 1.1.11-1kalgan1
Secunia Research has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error within the “sdpplin_parse()” function in input/libreal/sdpplin.c. This can be exploited to overwrite arbitrary memory regions via an overly large “streamid” SDP parameter included in a malicious RTSP stream. Successful exploitation allows execution of arbitrary code.
- Bug Tracker URL: http://bugs.frugalware.org/task/2887