Vulnerability Description
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xine | Xine | 0.9.18 |
| Xine | Xine-Lib | 0.99 |
| Suse | Suse Linux | 8.0 |
References
- http://www.gentoo.org/security/en/glsa/glsa-200409-30.xmlPatchVendor Advisory
- http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0PatchVendor Advisory
- http://www.securityfocus.com/bid/11206Patch
- http://xinehq.de/index.php/security/XSA-2004-4PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17431
- http://www.gentoo.org/security/en/glsa/glsa-200409-30.xmlPatchVendor Advisory
- http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0PatchVendor Advisory
- http://www.securityfocus.com/bid/11206Patch
- http://xinehq.de/index.php/security/XSA-2004-4PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17431
FAQ
What is CVE-2004-1476?
CVE-2004-1476 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label...
How severe is CVE-2004-1476?
CVE-2004-1476 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1476?
Check the references section above for vendor advisories and patch information. Affected products include: Xine Xine, Xine Xine-Lib, Suse Suse Linux.