CVE-2006-2802
Published 2006-06-03
Priority P427 | medium 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 10.89% (95.3th percentile)
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ffmpeg | < ffmpeg 0.cvs20060329-1 (bookworm) | ffmpeg 0.cvs20060329-1 (bookworm) |
| debian | mplayer | < ffmpeg 0.cvs20060329-1 (bookworm) | ffmpeg 0.cvs20060329-1 (bookworm) |
| ffmpeg | ffmpeg | — | — |
| ffmpeg | ffmpeg | — | — |
| ffmpeg | ffmpeg | — | — |
| ffmpeg | ffmpeg | — | — |
| ffmpeg | ffmpeg | >= 0 < 0.cvs20060329-1 | 0.cvs20060329-1 |
| ffmpeg | ffmpeg | >= 0 < 0.cvs20060329-1 | 0.cvs20060329-1 |
| ffmpeg | ffmpeg | >= 0 < 0.cvs20060329-1 | 0.cvs20060329-1 |
| ffmpeg | ffmpeg | >= 0 < 0.cvs20060329-1 | 0.cvs20060329-1 |
| mplayer | mplayer | >= 0 < 1.0~rc1-1 | 1.0~rc1-1 |
| mplayer | mplayer | >= 0 < 1.0~rc1-1 | 1.0~rc1-1 |
| mplayer | mplayer | >= 0 < 1.0~rc1-1 | 1.0~rc1-1 |
| mplayer | mplayer | >= 0 < 1.0~rc1-1 | 1.0~rc1-1 |
| xine | gxine | — | — |
| xine | xine-lib | <= 1.1.1 | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
CVSS provenance
nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:N/I:N/A:P
osv: 7.5 HIGH
vendor_debian: 7.5 HIGH
GHSA
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-4799 [HIGH] GHSA-7hpv-pj9m-wmwr: Buffer overflow in ffmpeg for xine-lib before 1
Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
GHSA
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-4800 [HIGH] GHSA-4qm4-cvh9-rfwh: Multiple buffer overflows in libavcodec in ffmpeg before 0
Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
GHSA
ghsa_unreviewed·2022-05-01
CVE-2006-2802 [MEDIUM] GHSA-4qgc-r788-x389: Buffer overflow in the HTTP Plugin (xineplug_inp_http
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
OSV
osv·2006-09-14·CVSS 7.5
CVE-2006-4800 [HIGH] CVE-2006-4800: Multiple buffer overflows in libavcodec in ffmpeg before 0
Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
Ubuntu
vendor_ubuntu·2006-06-09
CVE-2006-2802 xine-lib vulnerability
Title: xine-lib vulnerability
Summary: xine-lib vulnerability
Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input
module. By tricking a user into opening a malicious remote media
location, a remote attacker could exploit this to crash Xine library
frontends (like totem-xine, gxine, or xine-ui) and possibly even
execute arbitrary code with the user's privileges.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
XXX OR XXX
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Debian
vendor_debian·2006·CVSS 7.5
CVE-2006-4800 [HIGH] CVE-2006-4800: ffmpeg - Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow r...
Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
Scope: local
bookworm: resolved (fixed in 0.cvs20060329-1)
bullseye: resolved (fixed in 0.cvs20060329-1)
forky: resolved (fixed in 0.cvs20060329-1)
sid: resolved (fixed in 0.cvs20060329-1)
trixie: resolved (fixed in 0.cvs20060329-1)
References
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html
http://secunia.com/advisories/20369
http://secunia.com/advisories/20549
http://secunia.com/advisories/20766
http://secunia.com/advisories/20828
http://secunia.com/advisories/20942
http://secunia.com/advisories/21919
http://security.gentoo.org/glsa/glsa-200609-08.xml
http://www.debian.org/security/2006/dsa-1105
http://www.mandriva.com/security/advisories?name=MDKSA-2006:108
http://www.osvdb.org/25936
http://www.securityfocus.com/bid/18187
https://exchange.xforce.ibmcloud.com/vulnerabilities/26972
https://usn.ubuntu.com/295-1/
https://www.exploit-db.com/exploits/1852