CVE - CVE-2006-6172

CVE-ID
CVE-2006-6172	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:21435 URL:http://www.securityfocus.com/bid/21435 CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=468432 CONFIRM:http://www.mplayerhq.hu/design7/news.html#vuln14 DEBIAN:DSA-1244 URL:http://www.debian.org/security/2006/dsa-1244 GENTOO:GLSA-200612-02 URL:http://security.gentoo.org/glsa/glsa-200612-02.xml GENTOO:GLSA-200702-11 URL:http://security.gentoo.org/glsa/glsa-200702-11.xml MANDRIVA:MDKSA-2006:224 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:224~~ (Obsolete source) MANDRIVA:MDKSA-2007:112 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:112~~ (Obsolete source) MISC:http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff MISC:https://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655 SECUNIA:23218 URL:http://secunia.com/advisories/23218 SECUNIA:23242 URL:http://secunia.com/advisories/23242 SECUNIA:23249 URL:http://secunia.com/advisories/23249 SECUNIA:23301 URL:http://secunia.com/advisories/23301 SECUNIA:23335 URL:http://secunia.com/advisories/23335 SECUNIA:23512 URL:http://secunia.com/advisories/23512 SECUNIA:23567 URL:http://secunia.com/advisories/23567 SECUNIA:24336 URL:http://secunia.com/advisories/24336 SECUNIA:24339 URL:http://secunia.com/advisories/24339 SECUNIA:25555 URL:http://secunia.com/advisories/25555 SLACKWARE:SSA:2006-357-05 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842 SUSE:SUSE-SR:2006:028 URL:http://www.novell.com/linux/security/advisories/2006_28_sr.html UBUNTU:USN-392-1 URL:http://www.ubuntu.com/usn/usn-392-1 VUPEN:ADV-2006-4824 URL:~~http://www.vupen.com/english/advisories/2006/4824~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20061130	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061130)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)