CVE-2010-2062
Published: 26 December 2014
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
Notes
Author | Note |
---|---|
jdstrand | per Debian, xine-lib: <not-affected> (immune due to additional check in xio_rw_abbort) |
Priority
Status
Package | Release | Status |
---|---|---|
mplayer Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
|
|
maverick |
Not vulnerable
(2:1.0~rc4~try1.dsfg1-1ubuntu1)
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
upstream |
Released
(2:1.0~rc3+svn20100502-3)
|
|
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. | ||
vlc Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(1.0.6-1ubuntu1.8)
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
upstream |
Released
(1.0.1-1)
|
|
Patches: vendor: http://www.debian.org/security/2010/dsa-2043 |
||
xine-lib Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
upstream |
Needs triage
|