CVE-2010-2062

Published: 26 December 2014

Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.

Priority

Medium

Status

Package / Release / Status

mplayer (Launchpad, Ubuntu, Debian)
    Upstream: Released (2:1.0~rc3+svn20100502-3)
    This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.

vlc (Launchpad, Ubuntu, Debian)
    Upstream: Released (1.0.1-1)
    Patches:
        Vendor: http://www.debian.org/security/2010/dsa-2043

xine-lib (Launchpad, Ubuntu, Debian)
    Upstream: Needs triage

Notes

Author: jdstrand
Note: per Debian, xine-lib: <not-affected> (immune due to additional check in xio_rw_abbort)
