MPlayer MMST Stream ID Remote Buffer Overflow Vulnerability

BID:13271

Info

MPlayer MMST Stream ID Remote Buffer Overflow Vulnerability

Bugtraq ID: 13271
Class: Boundary Condition Error
CVE: CVE-2005-1195
Remote: Yes
Local: No
Published: Apr 20 2005 12:00AM
Updated: Mar 02 2007 09:15PM
Credit: The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.
Vulnerable: xine xine 1.0
xine xine 0.9.18
xine xine 0.9.13
xine xine 1-rc8
xine xine 1-rc7
xine xine 1-rc6a
xine xine 1-rc6
xine xine 1-rc5
xine xine 1-rc4
xine xine 1-rc3b
xine xine 1-rc3a
xine xine 1-rc3
xine xine 1-rc2
xine xine 1-rc1
xine xine 1-rc1
xine xine 1-rc0a
xine xine 1-rc0
xine xine 1-beta9
xine xine 1-beta8
xine xine 1-beta7
xine xine 1-beta6
xine xine 1-beta5
xine xine 1-beta4
xine xine 1-beta3
xine xine 1-beta2
xine xine 1-beta12
xine xine 1-beta11
xine xine 1-beta10
xine xine 1-beta1
xine xine 1-alpha
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
SuSE Linux 8.1
SuSE Linux 8.0 i386
SuSE Linux 8.0
SuSE Linux 7.3 sparc
SuSE Linux 7.3 ppc
SuSE Linux 7.3 i386
SuSE Linux 7.3
SuSE Linux 7.2 i386
SuSE Linux 7.2
SuSE Linux 7.1 x86
SuSE Linux 7.1 sparc
SuSE Linux 7.1 ppc
SuSE Linux 7.1 alpha
SuSE Linux 7.1
SuSE Linux 7.0 sparc
SuSE Linux 7.0 ppc
SuSE Linux 7.0 i386
SuSE Linux 7.0 alpha
SuSE Linux 7.0
SuSE Linux 6.4 ppc
SuSE Linux 6.4 i386
SuSE Linux 6.4 alpha
SuSE Linux 6.4
SuSE Linux 6.3 ppc
SuSE Linux 6.3 alpha
SuSE Linux 6.3
SuSE Linux 6.2
SuSE Linux 6.1 alpha
SuSE Linux 6.1
SuSE Linux 6.0
SuSE Linux 5.3
SuSE Linux 5.2
SuSE Linux 5.1
SuSE Linux 5.0
SuSE Linux 4.4.1
SuSE Linux 4.4
SuSE Linux 4.3
SuSE Linux 4.2
SuSE Linux 4.0
SuSE Linux 3.0
SuSE Linux 2.0
SuSE Linux 1.0
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux -current
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
Peachtree Linux release 1
MPlayer MPlayer 1.0 pre6
+ Gentoo Linux
MPlayer MPlayer 1.0 pre5try2
MPlayer MPlayer 1.0 pre5try1
MPlayer MPlayer 1.0 pre5
+ Gentoo Linux 1.4
+ Gentoo Linux
MPlayer MPlayer 1.0 pre4
MPlayer MPlayer 1.0 pre3try2
MPlayer MPlayer 1.0 pre3
MPlayer MPlayer 1.0 pre2
MPlayer MPlayer 1.0 pre1
MPlayer MPlayer 0.92.1
MPlayer MPlayer 0.92
MPlayer MPlayer 0.91
MPlayer MPlayer 0.90 rc series
MPlayer MPlayer 0.90 pre series
MPlayer MPlayer 0.90
MPlayer MPlayer 0.9 0rc4
MMS Ripper MMS Ripper 0.6.2
MMS Ripper MMS Ripper 0.6
MMS Ripper MMS Ripper 0.4.2
MMS Ripper MMS Ripper 0.4.1
MMS Ripper MMS Ripper 0.4
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Not Vulnerable: xine xine 1.0.1
xine xine 0.9.18
+ S.u.S.E. Linux Personal 8.2
xine xine 0.9.13
xine xine 0.9.8
- Debian Linux 3.0 sparc
 - Debian Linux 3.0 s/390
 - Debian Linux 3.0 ppc
 - Debian Linux 3.0 mipsel
 - Debian Linux 3.0 mips
 - Debian Linux 3.0 m68k
 - Debian Linux 3.0 ia-64
 - Debian Linux 3.0 ia-32
 - Debian Linux 3.0 hppa
 - Debian Linux 3.0 arm
 - Debian Linux 3.0 alpha
 - Debian Linux 3.0
MMS Ripper MMS Ripper 0.6.4

Discussion

MPlayer MMST Stream ID Remote Buffer Overflow Vulnerability

A remote heap-based buffer-overflow vulnerability affects MPlayer because the application fails to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

Exploit / POC

MPlayer MMST Stream ID Remote Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Solution / Fix

MPlayer MMST Stream ID Remote Buffer Overflow Vulnerability

Solution:
The vendor has released a patch dealing with this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.


Turbolinux Home

xine xine 1-rc5

MMS Ripper MMS Ripper 0.4

MMS Ripper MMS Ripper 0.4.1

MMS Ripper MMS Ripper 0.4.2

MMS Ripper MMS Ripper 0.6

MMS Ripper MMS Ripper 0.6.2

MPlayer MPlayer 1.0 pre3

MPlayer MPlayer 1.0 pre5try2

MPlayer MPlayer 1.0 pre5try1

MPlayer MPlayer 1.0 pre4

xine xine 1.0

MPlayer MPlayer 1.0 pre5

MPlayer MPlayer 1.0 pre6

Turbolinux Turbolinux Desktop 10.0

References

MPlayer MMST Stream ID Remote Buffer Overflow Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report