Vulnerability Description
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mplayer | Mplayer | 0.90 |
| Xine | Xine | 0.9.8 |
| Xine | Xine-Lib | 0.9.8 |
| Mandrakesoft | Mandrake Linux | 10.0 |
References
- http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1
- http://www.idefense.com/application/poi/display?id=176&type=vulnerabilitiesPatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:011
- http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18640
- http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1
- http://www.idefense.com/application/poi/display?id=176&type=vulnerabilitiesPatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:011
- http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18640
FAQ
What is CVE-2004-1187?
CVE-2004-1187 is a vulnerability with a CVSS score of 10.0 (HIGH). Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG ...
How severe is CVE-2004-1187?
CVE-2004-1187 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1187?
Check the references section above for vendor advisories and patch information. Affected products include: Mplayer Mplayer, Xine Xine, Xine Xine-Lib, Mandrakesoft Mandrake Linux.