Vulnerability Name:

CVE-2004-0433 (CCN-16019)

Assigned: 2004-04-30
Published: 2004-04-30
Updated: 2017-07-11
Summary: Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2004-0433

Source: GENTOO
Type: Vendor Advisory
GLSA-200405-24

Source: CCN
Type: GLSA-200405-24
MPlayer, xine-lib: vulnerabilities in RTSP stream handling

Source: CCN
Type: MPlayer Web site
Mplayer:HU _ The Movie Player for Linux

Source: CCN
Type: OSVDB ID: 5723
MPlayer/xine-lib HTTP Parser Overflow

Source: CCN
Type: OSVDB ID: 5724
MPlayer/xine-lib RTSP Session Negotiation Overflow

Source: CCN
Type: OSVDB ID: 5725
MPlayer/xine-lib RealNetwork RDT Response Overflow

Source: CCN
Type: BID-10245
MPlayer/Xine-Lib Multiple RealRTSP Buffer Overrun Vulnerabilities

Source: CCN
Type: slackware-security Mailing List, Mon, 3 May 2004 13:07:44 -0700 (PDT)
xine-lib update (SSA:2004-124-03)

Source: CONFIRM
Type: UNKNOWN
http://www.xinehq.de/index.php/security/XSA-2004-3

Source: CCN
Type: xine Web site
xine - A Free Video Player

Source: CCN
Type: The xine-Project Security Advisory XSA-2004-3
Multiple vulnerabilities have being found and fixed in the Real-Time Streaming

Source: XF
Type: UNKNOWN
mplayer-rtsp-rdt-bo(16019)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    mplayer mplayer 1.0_pre3try2
    xine xine-lib 1_beta1
    xine xine-lib 1_beta2
    xine xine-lib 1_beta3
    xine xine-lib 1_beta4
    xine xine-lib 1_beta5
    xine xine-lib 1_beta6
    xine xine-lib 1_beta7
    xine xine-lib 1_beta8
    xine xine-lib 1_beta9
    xine xine-lib 1_beta10
    xine xine-lib 1_beta11
    xine xine-lib 1_rc2
    xine xine-lib 1_rc3a
    xine xine-lib 1_rc3b
    xine xine-lib 1_rc3c