CVE-2008-0073

Exp

Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

Published: 2008-03-24 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2008-0073 is rated High Exploit Risk (80.3/100): CVSS Medium severity, with high exploitation likelihood (EPSS 9.17%, 95th percentile). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +7.40% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2008-0073

EDB-ID Source Kind Published Link
5498 exploit_db edb 2008-04-25 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2008-0073

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 1.77% 9.17% +7.40%
2 2026-03-01 1.59% 1.77% +0.18%
3 2025-12-02 1.59%

Full EPSS history (12 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2008-0073

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
8.6 6.4 [email protected]

Weakness enumeration for CVE-2008-0073

OS Trackers for CVE-2008-0073

vendor priority summary link
debian medium CVE-2008-0073 medium priority: Debian including 1 source packages (vlc), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2008-0073
gentoo normal CVE-2008-0073: 2 GLSA(s) (200804-25, 200808-01), 2 atom(s) (media-libs/xine-lib, media-video/vlc); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2008-0073
redhat https://access.redhat.com/security/cve/CVE-2008-0073
ubuntu medium CVE-2008-0073 medium priority: Ubuntu including 3 source packages (mplayer, vlc, xine-lib), 39 status rows across 13 suites (dapper, edgy, feisty, gutsy, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, upstream): ignored 13, not-affected 13, released 12, needs-triage 1. https://ubuntu.com/security/CVE-2008-0073

Affected software / configurations for CVE-2008-0073

Vendor Product Version Raw CPE
xine xine-lib 1.1.10.1 cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*

References for CVE-2008-0073

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
http://secunia.com/advisories/28694 Vendor Advisory
http://secunia.com/advisories/29392
http://secunia.com/advisories/29472
http://secunia.com/advisories/29503
http://secunia.com/advisories/29578
http://secunia.com/advisories/29601
http://secunia.com/advisories/29740
http://secunia.com/advisories/29766
http://secunia.com/advisories/29800
http://secunia.com/advisories/30581
http://secunia.com/advisories/31372
http://secunia.com/advisories/31393
http://secunia.com/secunia_research/2008-10/ Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-25.xml
http://security.gentoo.org/glsa/glsa-200808-01.xml
http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655 Patch
http://wiki.videolan.org/Changelog/0.8.6f
http://www.debian.org/security/2008/dsa-1536
http://www.debian.org/security/2008/dsa-1543
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
http://www.securityfocus.com/bid/28312
http://www.securitytracker.com/id?1019682
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408
http://www.ubuntu.com/usn/usn-635-1
http://www.videolan.org/security/sa0803.php
http://www.vupen.com/english/advisories/2008/0923
http://www.vupen.com/english/advisories/2008/0985
http://xinehq.de/index.php/news Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/41339
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html
cvelogic Threat Intelligence