CVE-2004-0433

Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://security.gentoo.org/glsa/glsa-200405-24.xml	Vendor Advisory
http://www.xinehq.de/index.php/security/XSA-2004-3
https://exchange.xforce.ibmcloud.com/vulnerabilities/16019

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta1:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta2:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta3:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta4:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta5:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta6:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta7:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta8:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta9:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta10:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta11:::::::*
	cpe:2.3:a:xine:xine-lib:1_rc2:::::::*
	cpe:2.3:a:xine:xine-lib:1_rc3a:::::::*
	cpe:2.3:a:xine:xine-lib:1_rc3b:::::::*
	cpe:2.3:a:xine:xine-lib:1_rc3c:::::::*

History

No history.

Information

Published : 2004-08-18 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2004-0433

Mitre link : CVE-2004-0433

CVE.ORG link : CVE-2004-0433

JSON object : View

Products Affected

mplayer

mplayer

xine

xine-lib

CWE

NVD-CWE-Other

{"id": "CVE-2004-0433", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-08-18T04:00:00.000", "references": [{"url": "http://security.gentoo.org/glsa/glsa-200405-24.xml", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.xinehq.de/index.php/security/XSA-2004-3", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16019", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en cliente Real-Time Streaming Protocol (RTSP) de (1) MPlayer anteriores a 1.0pre4 y (2) xine lib (xine-lib) anteriores a 1-rc4, cuando reproduce secuencias Real trsp (realrtsp), que permiten a atacantes remotos causar una denegaci\u00f3n de servivio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su eleccion mediante (a) URLs largas, (b) respuestas de servidor Real largas, o (c) paquetes de transporte de datos Real (RDT) largos."}], "lastModified": "2017-07-11T01:30:09.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E74EBC5-296E-4B20-8BCB-F104D06595AD"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797"}, {"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}