Description
Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.
Product(s):
- MPlayer
- Xine Xine-lib 1 Beta10
- Xine Xine-lib 1 Beta11
- Xine Xine-lib 1_beta1
- Xine Xine-lib 1_beta2
- Xine Xine-lib 1_beta3
- Xine Xine-lib 1_beta4
- Xine Xine-lib 1_beta5
- Xine Xine-lib 1_beta6
- Xine Xine-lib 1_beta7
- Xine Xine-lib 1_beta8
- Xine Xine-lib 1_beta9
- Xine Xine-lib 1_rc2
- Xine Xine-lib 1_rc3a
- Xine Xine-lib 1_rc3b
- Xine Xine-lib 1_rc3c
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-1195, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-1195 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.