Vulnerability Description
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mplayer | Mplayer | 1.0_pre3try2 |
| Xine | Xine-Lib | 1_beta1 |
References
- http://security.gentoo.org/glsa/glsa-200405-24.xmlVendor Advisory
- http://www.xinehq.de/index.php/security/XSA-2004-3
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16019
- http://security.gentoo.org/glsa/glsa-200405-24.xmlVendor Advisory
- http://www.xinehq.de/index.php/security/XSA-2004-3
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16019
FAQ
What is CVE-2004-0433?
CVE-2004-0433 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow re...
How severe is CVE-2004-0433?
CVE-2004-0433 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0433?
Check the references section above for vendor advisories and patch information. Affected products include: Mplayer Mplayer, Xine Xine-Lib.