CVE-2004-0433
Last modified
CVE-2004-0433 is a vulnerability of currently unknown severity. Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.. EPSS estimates a 5.12% chance of exploitation in the next 30 days.
Description
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mplayer | Mplayer | 1.0_pre3try2 |
| Xine | Xine-Lib | 1_beta1 |
| Xine | Xine-Lib | 1_beta2 |
| Xine | Xine-Lib | 1_beta3 |
| Xine | Xine-Lib | 1_beta4 |
| Xine | Xine-Lib | 1_beta5 |
| Xine | Xine-Lib | 1_beta6 |
| Xine | Xine-Lib | 1_beta7 |
| Xine | Xine-Lib | 1_beta8 |
| Xine | Xine-Lib | 1_beta9 |
| Xine | Xine-Lib | 1_beta10 |
| Xine | Xine-Lib | 1_beta11 |
| Xine | Xine-Lib | 1_rc2 |
| Xine | Xine-Lib | 1_rc3a |
| Xine | Xine-Lib | 1_rc3b |
| Xine | Xine-Lib | 1_rc3c |
References
- http://security.gentoo.org/glsa/glsa-200405-24.xmlVendor Advisory
- http://security.gentoo.org/glsa/glsa-200405-24.xmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2004-0433?
How severe is CVE-2004-0433?
How do I fix CVE-2004-0433?
Are you affected by CVE-2004-0433?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST