Launchpad.net

CVE 2006-6172

Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.

Related bugs and status

CVE-2006-6172 (Candidate) is related to these bugs:

Bug #163291: CVE-2006-6172: Buffer overflow in asmrp.c

		In	Importance	Status
163291	CVE-2006-6172: Buffer overflow in asmrp.c	mplayer (Ubuntu)	Undecided	Fix Released
163291	CVE-2006-6172: Buffer overflow in asmrp.c	mplayer (Ubuntu Dapper)	Undecided	Fix Released
163291	CVE-2006-6172: Buffer overflow in asmrp.c	mplayer (Ubuntu Edgy)	Undecided	Fix Released

Bug #922668: Sync xine-lib-1.2 1.2.0-5 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	922668	Sync xine-lib-1.2 1.2.0-5 (universe) from Debian unstable (main)		xine-lib-1.2 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://sourceforge.net...
UBUNTU: USN-392-1
BID: 21435
SECUNIA: 23218
SECUNIA: 23242
SECUNIA: 23249
GENTOO: GLSA-200612-02
SUSE: SUSE-SR:2006:028
SECUNIA: 23301
SECUNIA: 23335
DEBIAN: DSA-1244
SECUNIA: 23512
SECUNIA: 23567
GENTOO: GLSA-200702-11
MISC: http://www.mplayerhq.h...
CONFIRM: http://www.mplayerhq.h...
SECUNIA: 24336
SECUNIA: 24339
SECUNIA: 25555
MANDRIVA: MDKSA-2006:224
MANDRIVA: MDKSA-2007:112
VUPEN: ADV-2006-4824
MISC: https://sourceforge.ne...
SLACKWARE: SSA:2006-357-05