Vulnerability Details : CVE-2006-6172
Potential exploit
Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2006-6172
- cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*
- cpe:2.3:a:xine:real_media_input_plugin:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-6172
- 4.29%: Probability of exploitation activity in the next 30 days
- ~ 88 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-6172
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2006-6172
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842
  The Slackware Linux Project: Slackware Security Advisories
- http://www.securityfocus.com/bid/21435
- http://www.mplayerhq.hu/design7/news.html#vuln14
  MPlayer - The Movie Player
- http://secunia.com/advisories/23249
- http://www.novell.com/linux/security/advisories/2006_28_sr.html
- http://www.ubuntu.com/usn/usn-392-1
  USN-392-1: xine-lib vulnerability | Ubuntu security notices | Ubuntu
- http://security.gentoo.org/glsa/glsa-200612-02.xml
  xine-lib: Buffer overflow (GLSA 200612-02) — Gentoo security
- http://sourceforge.net/project/shownotes.php?release_id=468432
- http://secunia.com/advisories/24339
- http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
- http://www.debian.org/security/2006/dsa-1244
  [SECURITY] [DSA 1244-1] New xine-lib packages fix arbitrary code execution
- http://secunia.com/advisories/23567
- http://secunia.com/advisories/23335
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:224
  Mandriva
- http://www.vupen.com/english/advisories/2006/4824
- http://secunia.com/advisories/24336
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:112
  Mandriva
- http://secunia.com/advisories/23242
- http://security.gentoo.org/glsa/glsa-200702-11.xml
  MPlayer: Buffer overflow (GLSA 200702-11) — Gentoo security
- http://secunia.com/advisories/23301
- http://secunia.com/advisories/23218
- http://secunia.com/advisories/23512
- https://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655
  Tags: Exploit; Patch; Vendor Advisory
- http://secunia.com/advisories/25555