FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxine -- multiple buffer overflows in RTSP

Affected packages
mplayer < 0.99.4
mplayer-esound < 0.99.4
mplayer-gtk < 0.99.4
mplayer-gtk-esound < 0.99.4
mplayer-gtk2 < 0.99.4
mplayer-gtk2-esound < 0.99.4
libxine < 1.0.r4

Details

VuXML ID 1b70bef4-649f-11d9-a30e-000a95bc6fae
Discovery 2004-05-25
Entry 2005-01-12

A xine security announcement states:

Multiple vulnerabilities have been found and fixed in the Real-Time Streaming Protocol (RTSP) client for RealNetworks servers, including a series of potentially remotely exploitable buffer overflows. This is a joint advisory by the MPlayer and xine teams as the code in question is common to these projects.

Severity: High (arbitrary remote code execution under the user ID running the player) when playing Real RTSP streams. At this time, there is no known exploit for these vulnerabilities.

[source]

References

Bugtraq ID 10245
CVE Name CVE-2004-0433
URL http://xforce.iss.net/xforce/xfdb/16019
URL http://xinehq.de/index.php/security/XSA-2004-3

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.