7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.103 Low
EPSS
Percentile
95.0%
Multiple heap-based buffer overflows in the rmff_dump_cont function in
input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute
arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright
attribute, related to the rmff_dump_header function, different vectors than
CVE-2008-0225. NOTE: the provenance of this information is unknown; the
details are obtained solely from third party information.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | mplayer | < 2:0.99+1.0pre7try2+cvs20060117-0ubuntu8.2 | UNKNOWN |
ubuntu | 6.10 | noarch | mplayer | < 2:0.99+1.0pre8-0ubuntu8.3 | UNKNOWN |
ubuntu | 7.04 | noarch | mplayer | < 2:1.0~rc1-0ubuntu9.3 | UNKNOWN |
ubuntu | 7.10 | noarch | mplayer | < 2:1.0~rc1-0ubuntu13.2 | UNKNOWN |
ubuntu | 6.06 | noarch | xine-lib | < 1.1.1+ubuntu2-7.9 | UNKNOWN |
ubuntu | 7.04 | noarch | xine-lib | < 1.1.4-2ubuntu3.1 | UNKNOWN |
ubuntu | 7.10 | noarch | xine-lib | < 1.1.7-1ubuntu1.3 | UNKNOWN |