CVE-2008-0225

xine-lib < 1.1.9 - Remote Code Execution via RTSP SDP Abstract Attribute

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0225. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit leverages a heap-based buffer overflow in xine-lib by providing maliciously crafted SDP data. The 'QUFBQUFB' sequence decodes to 'AAAAAA', triggering the overflow when processed by vulnerable versions of xine-lib.

Description

Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · textdoslinux

https://www.exploit-db.com/exploits/31002

View Code ZIP pw:eip

This exploit leverages a heap-based buffer overflow in xine-lib by providing maliciously crafted SDP data. The 'QUFBQUFB' sequence decodes to 'AAAAAA', triggering the overflow when processed by vulnerable versions of xine-lib.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: xine-lib 1.1.9 and prior

No auth needed

Prerequisites: A vulnerable version of xine-lib · Ability to deliver malicious SDP data to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (20)

Core 20

Core References

Exploit x_refsource_misc

http://aluigi.altervista.org/adv/xinermffhof-adv.txt

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/suse_security_summary_report.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0163

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:045

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28955

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200801-12.xml

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28489

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28507

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31393

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1472

Issue Tracking x_refsource_confirm

http://bugs.gentoo.org/show_bug.cgi?id=205197

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=428620

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28384

Product x_refsource_confirm

http://sourceforge.net/project/shownotes.php?release_id=567872

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28636

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27198

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28674

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-635-1

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:020

Scores

EPSS 0.1497

EPSS Percentile 96.3%

Details

CWE

CWE-119

Status published

Products (1)

xine/xine-lib < 1.1.9

Published Jan 10, 2008

Tracked Since Feb 18, 2026