Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0073 — Xine-lib vulnerability

CWE-18910 documents9 sources

Severity

6.8MEDIUMNVD

EPSS

1.8%

top 17.30%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Videolan VLC Media Player Xine Xine-lib

Timeline

PublishedMar 24

Latest updateMay 1

Description

Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDxine/xine-lib1.1.10.1

▶Debianvideolan/vlc_media_player< 0.8.6.e-2+3

Patches

Patch: sourceforge.net ↗Patch: xinehq.de ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-hpch-3whr-v22q: Array index error in the sdpplin_parse function in input/libreal/sdpplin↗2022-05-01

▶

CVEList

CVE-2008-0073: Array index error in the sdpplin_parse function in input/libreal/sdpplin↗2008-03-24

▶

OSV

CVE-2008-0073: Array index error in the sdpplin_parse function in input/libreal/sdpplin↗2008-03-24

▶

💥Exploits & PoCs

Exploit-DB

Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow↗2008-04-25

▶

Exploit-DB

MPlayer 1.0 rc2 - 'sdpplin_parse()' Array Indexing Buffer Overflow (PoC)↗2008-03-25

▶

📋Vendor Advisories

Ubuntu

xine-lib vulnerabilities↗2008-08-06

▶

Debian

CVE-2008-0073: vlc - Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xi...↗2008

▶

Red Hat

xine-lib: sdpplin_parse() Array Indexing Vulnerability↗

▶

💬Community

Bugzilla

CVE-2008-0073 xine-lib: sdpplin_parse() Array Indexing Vulnerability↗2008-03-19

▶