Description
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Luigi Auriemma · text · dos · linux
https://www.exploit-db.com/exploits/31002
References (20)
Core References
Exploit x_refsource_misc
http://aluigi.altervista.org/adv/xinermffhof-adv.txt
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0163
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:045
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28955
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200801-12.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28489
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28507
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31393
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1472
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=205197
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=428620
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28384
Product x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=567872
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28636
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27198
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28674
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-635-1
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:020
Scores
EPSS
0.0835
EPSS Percentile
92.3%
Details
CWE
CWE-119
Status
published
Products (1)
xine/xine-lib
< 1.1.9
Published
Jan 10, 2008
Tracked Since
Feb 18, 2026