CVE-2005-1195

Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.
References
Link Resource
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55&r2=1.56&diff_format=u
http://seclists.org/lists/bugtraq/2005/Apr/0337.html
http://secunia.com/advisories/15014 Patch
http://securitytracker.com/id?1013771
http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10 Patch
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11 Patch
http://www.osvdb.org/15711
http://www.osvdb.org/15712
http://www.securityfocus.com/archive/1/396703
http://www.securityfocus.com/bid/13271
https://exchange.xforce.ibmcloud.com/vulnerabilities/20171
https://exchange.xforce.ibmcloud.com/vulnerabilities/20175
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55&r2=1.56&diff_format=u
http://seclists.org/lists/bugtraq/2005/Apr/0337.html
http://secunia.com/advisories/15014 Patch
http://securitytracker.com/id?1013771
http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10 Patch
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11 Patch
http://www.osvdb.org/15711
http://www.osvdb.org/15712
http://www.securityfocus.com/archive/1/396703
http://www.securityfocus.com/bid/13271
https://exchange.xforce.ibmcloud.com/vulnerabilities/20171
https://exchange.xforce.ibmcloud.com/vulnerabilities/20175
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*

History

20 Nov 2024, 23:56

Type Values Removed Values Added
References () http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u - () http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u -
References () http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55&r2=1.56&diff_format=u - () http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55&r2=1.56&diff_format=u -
References () http://seclists.org/lists/bugtraq/2005/Apr/0337.html - () http://seclists.org/lists/bugtraq/2005/Apr/0337.html -
References () http://secunia.com/advisories/15014 - Patch () http://secunia.com/advisories/15014 - Patch
References () http://securitytracker.com/id?1013771 - () http://securitytracker.com/id?1013771 -
References () http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml - () http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml -
References () http://www.mplayerhq.hu/homepage/design7/news.html#vuln10 - Patch () http://www.mplayerhq.hu/homepage/design7/news.html#vuln10 - Patch
References () http://www.mplayerhq.hu/homepage/design7/news.html#vuln11 - Patch () http://www.mplayerhq.hu/homepage/design7/news.html#vuln11 - Patch
References () http://www.osvdb.org/15711 - () http://www.osvdb.org/15711 -
References () http://www.osvdb.org/15712 - () http://www.osvdb.org/15712 -
References () http://www.securityfocus.com/archive/1/396703 - () http://www.securityfocus.com/archive/1/396703 -
References () http://www.securityfocus.com/bid/13271 - () http://www.securityfocus.com/bid/13271 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/20171 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/20171 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/20175 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/20175 -

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:56


NVD link : CVE-2005-1195

Mitre link : CVE-2005-1195

CVE.ORG link : CVE-2005-1195


JSON object : View

Products Affected

xine

  • xine-lib

mplayer

  • mplayer