CVE-2005-1195
Published 2005-05-02
CVE-2005-1195: Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other…
Priority: P432 high · CVSS 2.0: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.38% (90.1th percentile)
Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mplayer | — | — |
| mplayer | mplayer | <= 1.0_pre6 | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_debian · 7.5 LOW
Ubuntu
Xine library vulnerabilities
vendor_ubuntu·2005-05-06
CVE-2005-1195 Xine library vulnerabilities
Title: Xine library vulnerabilities
Summary: Xine library vulnerabilities
Two buffer overflows have been discovered in the MMS and Real RTSP
stream handlers of the Xine library. By tricking a user to connect to
a malicious MMS or RTSP video/audio stream source with an application
that uses this library, an attacker could crash the client and
possibly even execute arbitrary code with the privileges of the player
application.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2005-1195: mplayer - Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP...
vendor_debian·2005·CVSS 7.5
CVE-2005-1195 [HIGH] CVE-2005-1195: mplayer - Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-j7w7-cpg3-7c4q: Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1
ghsa_unreviewed·2022-05-01
CVE-2005-1195 [HIGH] GHSA-j7w7-cpg3-7c4q: Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1
No detection rules found.
No public exploits indexed.
References
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55&r2=1.56&diff_format=u
http://seclists.org/lists/bugtraq/2005/Apr/0337.html
http://secunia.com/advisories/15014
http://securitytracker.com/id?1013771
http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
http://www.osvdb.org/15711
http://www.osvdb.org/15712
http://www.securityfocus.com/archive/1/396703
http://www.securityfocus.com/bid/13271
https://exchange.xforce.ibmcloud.com/vulnerabilities/20171
https://exchange.xforce.ibmcloud.com/vulnerabilities/20175
Published: 2005-05-02