Launchpad.net

CVE 2008-0295

Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.

Related bugs and status

CVE-2008-0295 (Candidate) is related to these bugs:

Bug #196452: Multiple vulnerabilites in vlc prior to 0.8.6e

		In	Importance	Status
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Ubuntu)	Undecided	Fix Released
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Debian)	Unknown	Fix Released
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Ubuntu Dapper)	Undecided	Won't Fix
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Ubuntu Edgy)	Undecided	Won't Fix
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Ubuntu Feisty)	Undecided	Won't Fix
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Ubuntu Gutsy)	Undecided	Won't Fix
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Ubuntu Hardy)	Undecided	Fix Released

Bug #214977: [vlc] [DSA-1543-1] several vulnerabilities

Summary				In	Importance	Status
	214977	[vlc] [DSA-1543-1] several vulnerabilities		vlc (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

MISC: http://aluigi.altervis...
BID: 27221
SECUNIA: 28383
GENTOO: GLSA-200803-13
SECUNIA: 29284
DEBIAN: DSA-1543
SECUNIA: 29766
VUPEN: ADV-2008-0105
OVAL: oval:org.mitre.oval:de...