FreeBSD1B70BEF4-649F-11D9-A30E-000A95BC6FAElibxine -- multiple buffer overflows in RTSP
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
94.3%
A xine security announcement states:
Multiple vulnerabilities have been found and fixed in the
Real-Time Streaming Protocol (RTSP) client for RealNetworks
servers, including a series of potentially remotely
exploitable buffer overflows. This is a joint advisory by
the MPlayer and xine teams as the code in question is common
to these projects.
Severity: High (arbitrary remote code execution under the
user ID running the player) when playing Real RTSP streams.
At this time, there is no known exploit for these
vulnerabilities.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | mplayer | < 0.99.4 | UNKNOWN |
| FreeBSD | any | noarch | mplayer-gtk | < 0.99.4 | UNKNOWN |
| FreeBSD | any | noarch | mplayer-gtk2 | < 0.99.4 | UNKNOWN |
| FreeBSD | any | noarch | mplayer-esound | < 0.99.4 | UNKNOWN |
| FreeBSD | any | noarch | mplayer-gtk-esound | < 0.99.4 | UNKNOWN |
| FreeBSD | any | noarch | mplayer-gtk2-esound | < 0.99.4 | UNKNOWN |
| FreeBSD | any | noarch | libxine | < 1.0.r4 | UNKNOWN |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
94.3%