CVE-2004-1311 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mplayer

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

3.4%

top 12.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mplayer Debian Mplayer

Timeline

PublishedJan 10

Latest updateApr 29

Description

Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/mplayer< mplayer 1.0~pre6a-1 (bookworm)

▶Debianmplayer/mplayer< 1.0~pre6a-1+3

▶NVDmplayer/mplayer1.0_pre5

🔴Vulnerability Details

GHSA

GHSA-gxf7-qxj8-45vp: Integer overflow in the real_setup_and_get_header function in real↗2022-04-29

▶

OSV

CVE-2004-1311: Integer overflow in the real_setup_and_get_header function in real↗2005-01-10

▶

📋Vendor Advisories

Debian

CVE-2004-1311: mplayer - Integer overflow in the real_setup_and_get_header function in real.c for Unix MP...↗2004

▶