CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.7%
The libxine development team reports that several
vulnerabilities had been found in the libxine library. The
first vulnerability is caused by improper checking of the
src/input/libreal/real.c “real_parse_sdp()” function.
A remote attacker could exploit this by tricking an user to
connect to a preparated server potentially causing a buffer
overflow. Another buffer overflow had been found in the
libmms library, potentially allowing a remote attacker to
cause a denial of service vulnerability, and possible remote
code execution through the following functions: send_command,
string_utf16, get_data and get_media_packets. Other functions
might be affected as well.