CVE-2004-1311
EPSS 3.4%
Description
Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based buffer overflow.
How to fix CVE-2004-1311
To remediate CVE-2004-1311, upgrade the affected package to a fixed version below.
- Debian/mplayer—upgrade to 1.0~pre6a-1 or later
Is CVE-2004-1311 being exploited?
Low — EPSS is 3.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.0~pre6a-1