CVE-2005-1402

mtp-target < 1.2.2 - Denial of Service via Negative STLport Call Value

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1402. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The exploit describes a memory corruption vulnerability in Mtp-Target server due to improper handling of a signed integer value, leading to a denial of service when a large unsigned value is passed.

Description

Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textdosmultiple

https://www.exploit-db.com/exploits/25584

View Code ZIP pw:eip

The exploit describes a memory corruption vulnerability in Mtp-Target server due to improper handling of a signed integer value, leading to a denial of service when a large unsigned value is passed.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Mtp-Target server

No auth needed

Prerequisites: Network access to the Mtp-Target server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources mailing-list x_refsource_bugtraq

http://www.security-focus.com/archive/1/397304

Third Party Advisory x_refsource_misc

http://aluigi.altervista.org/adv/mtpbugs-adv.txt

Scores

EPSS 0.0270

EPSS Percentile 84.0%

Details

Status published

Products (1)

mtp-target/mtp-target < 1.2.2

Published May 03, 2005

Tracked Since Feb 18, 2026