Vulnerability Description
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mplayer | Mplayer | 0.90 |
| Xine | Xine | 0.9.8 |
| Xine | Xine-Lib | 0.9.8 |
| Mandrakesoft | Mandrake Linux | 10.0 |
References
- http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1
- http://www.idefense.com/application/poi/display?id=177&type=vulnerabilitiesPatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:011
- http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18638
- http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1
- http://www.idefense.com/application/poi/display?id=177&type=vulnerabilitiesPatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:011
- http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18638
FAQ
What is CVE-2004-1188?
CVE-2004-1188 is a vulnerability with a CVSS score of 10.0 (HIGH). The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which cau...
How severe is CVE-2004-1188?
CVE-2004-1188 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1188?
Check the references section above for vendor advisories and patch information. Affected products include: Mplayer Mplayer, Xine Xine, Xine Xine-Lib, Mandrakesoft Mandrake Linux.