CVE-2010-2062

Published: 26 December 2014

Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.

Notes

Author: jdstrand
Note: per Debian, xine-lib: <not-affected> (immune due to additional check in xio_rw_abbort)

Priority

Medium

Status

Package Release Status

mplayer (Launchpad, Ubuntu, Debian)
  hardy      Ignored (end of life)
  lucid      Ignored
  maverick   Not vulnerable (2:1.0~rc4~try1.dsfg1-1ubuntu1)
  natty      Not vulnerable
  oneiric    Not vulnerable
  upstream   Released (2:1.0~rc3+svn20100502-3)
  This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.

vlc (Launchpad, Ubuntu, Debian)
  hardy      Ignored (end of life)
  lucid      Not vulnerable (1.0.6-1ubuntu1.8)
  maverick   Not vulnerable
  natty      Not vulnerable
  oneiric    Not vulnerable
  upstream   Released (1.0.1-1)
  Patches:
    vendor: http://www.debian.org/security/2010/dsa-2043

xine-lib (Launchpad, Ubuntu, Debian)
  hardy      Ignored (end of life)
  lucid      Not vulnerable
  maverick   Not vulnerable
  natty      Not vulnerable
  oneiric    Not vulnerable
  upstream   Needs triage