CVE-2004-0433

Description

Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.

Software From Fixed in
mplayer / mplayer 1.0_pre3try2 1.0_pre3try2.x
xine / xine-lib 1_beta1 1_beta1.x
xine / xine-lib 1_beta10 1_beta10.x
xine / xine-lib 1_beta11 1_beta11.x
xine / xine-lib 1_beta2 1_beta2.x
xine / xine-lib 1_beta3 1_beta3.x
xine / xine-lib 1_beta4 1_beta4.x
xine / xine-lib 1_beta5 1_beta5.x
xine / xine-lib 1_beta6 1_beta6.x
xine / xine-lib 1_beta7 1_beta7.x
xine / xine-lib 1_beta8 1_beta8.x
xine / xine-lib 1_beta9 1_beta9.x
xine / xine-lib 1_rc2 1_rc2.x
xine / xine-lib 1_rc3a 1_rc3a.x
xine / xine-lib 1_rc3b 1_rc3b.x
xine / xine-lib 1_rc3c 1_rc3c.x