CVE-2004-0433 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mplayer

5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

3.1%

top 13.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mplayer Xine Xine-lib

Timeline

PublishedAug 18

Latest updateApr 29

Description

Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDxine/xine-lib15 versions+14

▶Debianmplayer/mplayer< 1.0~pre6a-1+3

▶NVDmplayer/mplayer1.0_pre3try2

🔴Vulnerability Details

GHSA

GHSA-4pvm-mp59-j2rf: Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1↗2022-04-29

▶

OSV

CVE-2004-0433: Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1↗2004-08-18

▶

CVEList

CVE-2004-0433: Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1↗2004-05-05

▶

📋Vendor Advisories

Debian

CVE-2004-0433: mplayer - Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for ...↗2004

▶