[arch-security] [ASA-201601-1] rtmpdump: multiple issues
Jelle van der Waa
jelle at vdwaa.nl
Sat Jan 2 16:44:06 UTC 2016
Arch Linux Security Advisory ASA-201601-1
Date : 2016-01-02
CVE-ID : Pending
Package : rtmpdump
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package rtmpdump before version 1:2.4.r96.fa8646d-1 is vulnerable to
arbitrary code execution.

Upgrade to 1:2.4.r96.fa8646d-1.

# pacman -Syu "rtmpdump>=1:2.4.r96.fa8646d-1"

The problem has been fixed upstream but no updated version has been

Several issues have been found by LMX of Qihoo 360 Codesafe Team in the
part of rtmpdump that handles RTMP streams. These issues include a memory
leak, an integer overflow, type confusion when dealing with AMF strings
and objects, and several other parsing issues.

A remote attacker is able to craft a special RTMP stream that, when
processed, can cause arbitrary code execution.