CVE-2006-2200
published 2006-06-28
CVE-2006-2200: Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service…
Priority P4 29 · medium · 5.1 CVSS 2.0
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS 4.26% (89.8th percentile)
Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libmms | < libmms 0.2-7 (bookworm) | libmms 0.2-7 (bookworm) |
| mimms | mimms | — | — |
| xine | xine-lib | — | — |
CVSS provenance
nvd · v2.0 · 5.1 MEDIUM · AV:N/AC:H/Au:N/C:P/I:P/A:P
osv · 5.1 MEDIUM
vendor_debian · 5.1 MEDIUM
GHSA
GHSA-w7h3-c9rv-r2c9: Stack-based buffer overflow in libmms, as used by (a) MiMMS 0
ghsa_unreviewed·2022-05-01
CVE-2006-2200 [MEDIUM] CWE-119 GHSA-w7h3-c9rv-r2c9: Stack-based buffer overflow in libmms, as used by (a) MiMMS 0
OSV
CVE-2006-2200: Stack-based buffer overflow in libmms, as used by (a) MiMMS 0
osv·2006-06-28·CVSS 5.1
CVE-2006-2200 [MEDIUM] CVE-2006-2200: Stack-based buffer overflow in libmms, as used by (a) MiMMS 0
Ubuntu
libmms vulnerability
vendor_ubuntu·2006-07-06
CVE-2006-2200 libmms vulnerability
Title: libmms vulnerability
Summary: libmms vulnerability
Several buffer overflows were found in libmms. By tricking a user into
opening a specially crafted remote multimedia stream with an
application using libmms, a remote attacker could overwrite an
arbitrary memory portion with zeros, thereby crashing the program.
In Ubuntu 5.10, this affects the GStreamer MMS plugin
(gstreamer0.8-mms). Other Ubuntu releases do not support this library.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Debian
CVE-2006-2200: libmms - Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-l...
vendor_debian·2006·CVSS 5.1
CVE-2006-2200 [MEDIUM] CVE-2006-2200: libmms - Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-l...
Scope: local
bookworm: resolved (fixed in 0.2-7)
bullseye: resolved (fixed in 0.2-7)
forky: resolved (fixed in 0.2-7)
sid: resolved (fixed in 0.2-7)
trixie: resolved (fixed in 0.2-7)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577
http://secunia.com/advisories/20749
http://secunia.com/advisories/20948
http://secunia.com/advisories/20964
http://secunia.com/advisories/21023
http://secunia.com/advisories/21036
http://secunia.com/advisories/21139
http://secunia.com/advisories/23218
http://secunia.com/advisories/23512
http://security.gentoo.org/glsa/glsa-200607-07.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842
http://sourceforge.net/project/shownotes.php?release_id=468432
http://www.mandriva.com/security/advisories?name=MDKSA-2006:117
http://www.mandriva.com/security/advisories?name=MDKSA-2006:121
http://www.securityfocus.com/bid/18608
http://www.ubuntu.com/usn/usn-309-1
http://www.ubuntu.com/usn/usn-315-1
http://www.vupen.com/english/advisories/2006/2487
Published: 2006-06-28