CVE-2006-6172

Description

Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.

How to fix CVE-2006-6172

To remediate CVE-2006-6172, upgrade the affected package to a fixed version below.

• Debian/mplayer—upgrade to 1.0~rc1-11 or later
• Debian/xine-lib—upgrade to 1.0.1-1sarge5 or later

Is CVE-2006-6172 being exploited?

Low — EPSS is 4.5%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 1.0~rc1-11
• from 0, < 1.0.1-1sarge5

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-6172