CVE-2008-1558

EPSS 21.9%

mplayer - arbitrary code execution

Published: 3/31/2008Modified: 4/28/2026

Also known as:DEBIAN-CVE-2008-1558

Description

Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow.

Affected packages (3)

Debian/mplayerfrom 0, < 1.0~rc2-10
Debian/mplayerfrom 0, < 1.0~rc1-12etch3
Debian/mplayerfrom 0, < 1.0~rc2-8+lenny1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-1558