FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxine -- multiple buffer overflows in RTSP

Affected packages
mplayer < 0.99.4
mplayer-esound < 0.99.4
mplayer-gtk < 0.99.4
mplayer-gtk-esound < 0.99.4
mplayer-gtk2 < 0.99.4
mplayer-gtk2-esound < 0.99.4
libxine < 1.0.r4

Details

VuXML ID: 1b70bef4-649f-11d9-a30e-000a95bc6fae
Discovery: 2004-05-25
Entry: 2005-01-12

A xine security announcement states:

Multiple vulnerabilities have been found and fixed in the Real-Time Streaming Protocol (RTSP) client for RealNetworks servers, including a series of potentially remotely exploitable buffer overflows. This is a joint advisory by the MPlayer and xine teams as the code in question is common to these projects.

Severity: High (arbitrary remote code execution under the user ID running the player) when playing Real RTSP streams. At this time, there is no known exploit for these vulnerabilities.

References

Bugtraq ID: 10245
CVE Name: CVE-2004-0433
URL: http://xforce.iss.net/xforce/xfdb/16019
URL: http://xinehq.de/index.php/security/XSA-2004-3