CVE-2008-0238

Publication date 11 January 2008

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status

Package Ubuntu Release Status
mplayer 8.04 LTS hardy
Not affected
7.10 gutsy
Fixed 2:1.0~rc1-0ubuntu13.2
7.04 feisty
Fixed 2:1.0~rc1-0ubuntu9.3
6.10 edgy
Fixed 2:0.99+1.0pre8-0ubuntu8.3
6.06 LTS dapper
Fixed 2:0.99+1.0pre7try2+cvs20060117-0ubuntu8.2
xine-lib 8.04 LTS hardy
Not affected
7.10 gutsy
Fixed 1.1.7-1ubuntu1.3
7.04 feisty
Fixed 1.1.4-2ubuntu3.1
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper
Fixed 1.1.1+ubuntu2-7.9

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
mplayer

References

Related Ubuntu Security Notices (USN)

    • USN-635-1
    • xine-lib vulnerabilities
    • 6 August 2008

Other references