CVE-2010-2062
Published: 26 December 2014
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
Notes
| Author | Note |
|---|---|
| jdstrand | per Debian, xine-lib: <not-affected> (immune due to additional check in xio_rw_abbort) |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
mplayer Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Ignored
|
|
| maverick |
Not vulnerable
(2:1.0~rc4~try1.dsfg1-1ubuntu1)
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| upstream |
Released
(2:1.0~rc3+svn20100502-3)
|
|
| This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. | ||
|
vlc Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Not vulnerable
(1.0.6-1ubuntu1.8)
|
|
| maverick |
Not vulnerable
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| upstream |
Released
(1.0.1-1)
|
|
|
Patches: vendor: http://www.debian.org/security/2010/dsa-2043 |
||
|
xine-lib Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Not vulnerable
|
|
| maverick |
Not vulnerable
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| upstream |
Needs triage
|
|