Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0433

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0433
Last Modified 10 Sep 2008 03:26:23
Published 18 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0433

Summary

Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.

Vulnerable Systems

Application

  • Mplayer 1.0 Pre3try2

  • Xine-lib 1 Beta1

  • Xine-lib 1 Beta10

  • Xine-lib 1 Beta11

  • Xine-lib 1 Beta2

  • Xine-lib 1 Beta3

  • Xine-lib 1 Beta4

  • Xine-lib 1 Beta5

  • Xine-lib 1 Beta6

  • Xine-lib 1 Beta7

  • Xine-lib 1 Beta8

  • Xine-lib 1 Beta9

  • Xine-lib 1 Rc2

  • Xine-lib 1 Rc3a

  • Xine-lib 1 Rc3b

  • Xine-lib 1 Rc3c


References

XF - mplayer-rtsp-rdt-bo(16019)

CONFIRM - http://www.xinehq.de/index.php/security/XSA-2004-3

GENTOO - GLSA-200405-24


Last Updated: 27 May 2016 10:38:36