CVE-2006-2200

Name: CVE-2006-2200
Creator: NVD / NIST
Published: 2006-06-28T01:45:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.26%

Last modified Jun 16, 2026

CVE-2006-2200 is a vulnerability of currently unknown severity. Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.. EPSS estimates a 4.26% chance of exploitation in the next 30 days.

Description

Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.

Metrics

EPSS Probability

4.26%

89.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Mimms	Mimms	0.0.9
Xine	Xine-Lib	1.1.0

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577
http://secunia.com/advisories/20749Vendor Advisory
http://secunia.com/advisories/20948Vendor Advisory
http://secunia.com/advisories/20964Vendor Advisory
http://secunia.com/advisories/21023Vendor Advisory
http://secunia.com/advisories/21036Vendor Advisory
http://secunia.com/advisories/21139Vendor Advisory
http://secunia.com/advisories/23218Vendor Advisory
http://secunia.com/advisories/23512Vendor Advisory
http://security.gentoo.org/glsa/glsa-200607-07.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842
http://sourceforge.net/project/shownotes.php?release_id=468432
http://www.mandriva.com/security/advisories?name=MDKSA-2006:117
http://www.mandriva.com/security/advisories?name=MDKSA-2006:121
http://www.securityfocus.com/bid/18608
http://www.ubuntu.com/usn/usn-309-1
http://www.ubuntu.com/usn/usn-315-1
http://www.vupen.com/english/advisories/2006/2487Vendor Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577
http://secunia.com/advisories/20749Vendor Advisory
http://secunia.com/advisories/20948Vendor Advisory
http://secunia.com/advisories/20964Vendor Advisory
http://secunia.com/advisories/21023Vendor Advisory
http://secunia.com/advisories/21036Vendor Advisory
http://secunia.com/advisories/21139Vendor Advisory
http://secunia.com/advisories/23218Vendor Advisory
http://secunia.com/advisories/23512Vendor Advisory
http://security.gentoo.org/glsa/glsa-200607-07.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842
http://sourceforge.net/project/shownotes.php?release_id=468432
http://www.mandriva.com/security/advisories?name=MDKSA-2006:117
http://www.mandriva.com/security/advisories?name=MDKSA-2006:121
http://www.securityfocus.com/bid/18608
http://www.ubuntu.com/usn/usn-309-1
http://www.ubuntu.com/usn/usn-315-1
http://www.vupen.com/english/advisories/2006/2487Vendor Advisory

Timeline

Published: Jun 28, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-2200?

How severe is CVE-2006-2200?

Severity scoring for CVE-2006-2200 is pending analysis. The EPSS model estimates a 4.26% probability of exploitation in the next 30 days.

How do I fix CVE-2006-2200?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-2200?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST