CVE-2004-0433
published 2004-08-18
CVE-2004-0433: Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when…
Priority P434 | critical | 10 | CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 5.12% (91.3th percentile)
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mplayer | < mplayer 1.0~pre6a-1 (bookworm) | mplayer 1.0~pre6a-1 (bookworm) |
| mplayer | mplayer | — | — |
| mplayer | mplayer | >= 0 < 1.0~pre6a-1 | 1.0~pre6a-1 |
| mplayer | mplayer | >= 0 < 1.0~pre6a-1 | 1.0~pre6a-1 |
| mplayer | mplayer | >= 0 < 1.0~pre6a-1 | 1.0~pre6a-1 |
| mplayer | mplayer | >= 0 < 1.0~pre6a-1 | 1.0~pre6a-1 |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
CVSS provenance
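| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | CRITICAL | — |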
GHSA
GHSA-4pvm-mp59-j2rf: Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1
ghsa_unreviewed·2022-04-29
CVE-2004-0433 [HIGH] GHSA-4pvm-mp59-j2rf: Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1
OSV
CVE-2004-0433: Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1
osv·2004-08-18·CVSS 10.0
CVE-2004-0433 [CRITICAL] CVE-2004-0433: Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1
Debian
CVE-2004-0433: mplayer - Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for ...
vendor_debian·2004·CVSS 10.0
CVE-2004-0433 [CRITICAL] CVE-2004-0433: mplayer - Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for ...
Scope: local
bookworm: resolved (fixed in 1.0~pre6a-1)
bullseye: resolved (fixed in 1.0~pre6a-1)
forky: resolved (fixed in 1.0~pre6a-1)
sid: resolved (fixed in 1.0~pre6a-1)
trixie: resolved (fixed in 1.0~pre6a-1)
No detection rules found.
No public exploits indexed.
http://security.gentoo.org/glsa/glsa-200405-24.xml
http://www.xinehq.de/index.php/security/XSA-2004-3
https://exchange.xforce.ibmcloud.com/vulnerabilities/16019
Published: 2004-08-18