CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0433

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0200%
EPSS Percentile1.98th
PublishedAug 18, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.

Affected Platforms (CPE)

πŸ“¦
Mplayer

Mplayer

= 1.0_pre3try2
πŸ“¦
Xine

Xine Lib

= 1_beta1
πŸ“¦
Xine

Xine Lib

= 1_beta2
πŸ“¦
Xine

Xine Lib

= 1_beta3
πŸ“¦
Xine

Xine Lib

= 1_beta4
πŸ“¦
Xine

Xine Lib

= 1_beta5
πŸ“¦
Xine

Xine Lib

= 1_beta6
πŸ“¦
Xine

Xine Lib

= 1_beta7
πŸ“¦
Xine

Xine Lib

= 1_beta8
πŸ“¦
Xine

Xine Lib

= 1_beta9
πŸ“¦
Xine

Xine Lib

= 1_beta10
πŸ“¦
Xine

Xine Lib

= 1_beta11
πŸ“¦
Xine

Xine Lib

= 1_rc2
πŸ“¦
Xine

Xine Lib

= 1_rc3a
πŸ“¦
Xine

Xine Lib

= 1_rc3b
πŸ“¦
Xine

Xine Lib

= 1_rc3c

References & Advisories

πŸ”— http://security.gentoo.org/glsa/glsa-200405-24.xml
πŸ”— http://www.xinehq.de/index.php/security/XSA-2004-3
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/16019
πŸ”— http://security.gentoo.org/glsa/glsa-200405-24.xml
πŸ”— http://www.xinehq.de/index.php/security/XSA-2004-3
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/16019

Related Vulnerabilities

CVE-2004-038610.0

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary co...

CVE-2004-065910.0

Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long ...

CVE-2004-118810.0

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properl...

CVE-2004-118710.0

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same cod...