FreeBSDB2FF68B2-9F29-11DB-A4E4-0211D87675B7mplayer -- buffer overflow in the code for RealMedia RTSP streams.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.7%
A potential buffer overflow was found in the code used to handle
RealMedia RTSP streams. When checking for matching asm rules, the code
stores the results in a fixed-size array, but no boundary checks are
performed. This may lead to a buffer overflow if the user is tricked
into connecting to a malicious server. Since the attacker cannot write
arbitrary data into the buffer, creating an exploit is very hard; but a
DoS attack is easily made.
A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006
UTC as r21799. The fix involves three files: stream/realrtsp/asmrp.c,
stream/realrtsp/asmrp.h and stream/realrtsp/real.c.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | mplayer | < 0.99.10_1 | UNKNOWN |
| FreeBSD | any | noarch | mplayer-esound | < 0.99.10_1 | UNKNOWN |
| FreeBSD | any | noarch | mplayer-gtk | < 0.99.10_1 | UNKNOWN |
| FreeBSD | any | noarch | mplayer-gtk2 | < 0.99.10_1 | UNKNOWN |
| FreeBSD | any | noarch | mplayer-gtk-esound | < 0.99.10_1 | UNKNOWN |
| FreeBSD | any | noarch | mplayer-gtk2-esound | < 0.99.10_1 | UNKNOWN |
References
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.7%