CVE-2005-1195

Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55&r2=1.56&diff_format=u
http://seclists.org/lists/bugtraq/2005/Apr/0337.html
http://secunia.com/advisories/15014	Patch
http://securitytracker.com/id?1013771
http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10	Patch
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11	Patch
http://www.osvdb.org/15711
http://www.osvdb.org/15712
http://www.securityfocus.com/archive/1/396703
http://www.securityfocus.com/bid/13271
https://exchange.xforce.ibmcloud.com/vulnerabilities/20171
https://exchange.xforce.ibmcloud.com/vulnerabilities/20175
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55&r2=1.56&diff_format=u
http://seclists.org/lists/bugtraq/2005/Apr/0337.html
http://secunia.com/advisories/15014	Patch
http://securitytracker.com/id?1013771
http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10	Patch
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11	Patch
http://www.osvdb.org/15711
http://www.osvdb.org/15712
http://www.securityfocus.com/archive/1/396703
http://www.securityfocus.com/bid/13271
https://exchange.xforce.ibmcloud.com/vulnerabilities/20171
https://exchange.xforce.ibmcloud.com/vulnerabilities/20175

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mplayer:mplayer::::::::
	cpe:2.3:a:xine:xine-lib:1_beta1:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta2:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta3:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta4:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta5:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta6:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta7:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta8:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta9:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta10:::::::*
	cpe:2.3:a:xine:xine-lib:1_beta11:::::::*
	cpe:2.3:a:xine:xine-lib:1_rc2:::::::*
	cpe:2.3:a:xine:xine-lib:1_rc3a:::::::*
	cpe:2.3:a:xine:xine-lib:1_rc3b:::::::*
	cpe:2.3:a:xine:xine-lib:1_rc3c:::::::*

History

20 Nov 2024, 23:56

Type	Values Removed	Values Added
References	~~() http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u -~~	() http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u -
References	~~() http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55&r2=1.56&diff_format=u -~~	() http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55&r2=1.56&diff_format=u -
References	~~() http://seclists.org/lists/bugtraq/2005/Apr/0337.html -~~	() http://seclists.org/lists/bugtraq/2005/Apr/0337.html -
References	~~() http://secunia.com/advisories/15014 - Patch~~	() http://secunia.com/advisories/15014 - Patch
References	~~() http://securitytracker.com/id?1013771 -~~	() http://securitytracker.com/id?1013771 -
References	~~() http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml -~~	() http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml -
References	~~() http://www.mplayerhq.hu/homepage/design7/news.html#vuln10 - Patch~~	() http://www.mplayerhq.hu/homepage/design7/news.html#vuln10 - Patch
References	~~() http://www.mplayerhq.hu/homepage/design7/news.html#vuln11 - Patch~~	() http://www.mplayerhq.hu/homepage/design7/news.html#vuln11 - Patch
References	~~() http://www.osvdb.org/15711 -~~	() http://www.osvdb.org/15711 -
References	~~() http://www.osvdb.org/15712 -~~	() http://www.osvdb.org/15712 -
References	~~() http://www.securityfocus.com/archive/1/396703 -~~	() http://www.securityfocus.com/archive/1/396703 -
References	~~() http://www.securityfocus.com/bid/13271 -~~	() http://www.securityfocus.com/bid/13271 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/20171 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/20171 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/20175 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/20175 -

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:56

NVD link : CVE-2005-1195

Mitre link : CVE-2005-1195

CVE.ORG link : CVE-2005-1195

JSON object : View

Products Affected

xine

xine-lib

mplayer

mplayer

CWE

NVD-CWE-Other

7.5 /10