cbcvebase.
CVE-2004-0433
published 2004-08-18

CVE-2004-0433: Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when…

PriorityP434critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.12%
91.3th percentile
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.

Affected

21 ranges
VendorProductVersion rangeFixed in
debianmplayer< mplayer 1.0~pre6a-1 (bookworm)mplayer 1.0~pre6a-1 (bookworm)
mplayermplayer
mplayermplayer>= 0 < 1.0~pre6a-11.0~pre6a-1
mplayermplayer>= 0 < 1.0~pre6a-11.0~pre6a-1
mplayermplayer>= 0 < 1.0~pre6a-11.0~pre6a-1
mplayermplayer>= 0 < 1.0~pre6a-11.0~pre6a-1
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib
xinexine-lib

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.