CVE-2008-1558 — mplayer - arbitrary code execution

Description

Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow.

How to fix CVE-2008-1558

To remediate CVE-2008-1558, upgrade the affected package to a fixed version below.

Debian/mplayer—upgrade to 1.0~rc2-10 or later
Debian/mplayer—upgrade to 1.0~rc1-12etch3 or later
Debian/mplayer—upgrade to 1.0~rc2-8+lenny1 or later

Is CVE-2008-1558 being exploited?

Moderate — EPSS is 21.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (3)

from 0, < 1.0~rc2-10
from 0, < 1.0~rc1-12etch3
from 0, < 1.0~rc2-8+lenny1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-1558