6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.099 Low
EPSS
Percentile
94.9%
Heap-based buffer overflow in the rmff_dump_cont function in
input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers
to execute arbitrary code via the SDP Abstract attribute in an RTSP
session, related to the rmff_dump_header function and related to
disregarding the max field. NOTE: some of these details are obtained from
third party information.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | mplayer | < 2:0.99+1.0pre7try2+cvs20060117-0ubuntu8.2 | UNKNOWN |
ubuntu | 6.10 | noarch | mplayer | < 2:0.99+1.0pre8-0ubuntu8.3 | UNKNOWN |
ubuntu | 7.04 | noarch | mplayer | < 2:1.0~rc1-0ubuntu9.3 | UNKNOWN |
ubuntu | 7.10 | noarch | mplayer | < 2:1.0~rc1-0ubuntu13.2 | UNKNOWN |
ubuntu | 6.06 | noarch | xine-lib | < 1.1.1+ubuntu2-7.9 | UNKNOWN |
ubuntu | 7.04 | noarch | xine-lib | < 1.1.4-2ubuntu3.1 | UNKNOWN |
ubuntu | 7.10 | noarch | xine-lib | < 1.1.7-1ubuntu1.3 | UNKNOWN |