cbcvebase.
CVE-2008-0073
published 2008-03-24

CVE-2008-0073: Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a…

PriorityP342medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
9.17%
94.7th percentile
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianvlc< vlc 0.8.6.e-2 (bookworm)vlc 0.8.6.e-2 (bookworm)
videolanvlc_media_player>= 0 < 0.8.6.e-20.8.6.e-2
videolanvlc_media_player>= 0 < 0.8.6.e-20.8.6.e-2
videolanvlc_media_player>= 0 < 0.8.6.e-20.8.6.e-2
videolanvlc_media_player>= 0 < 0.8.6.e-20.8.6.e-2
xinexine-lib

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
vendor_ubuntu6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.