Vulnerability Description
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allow remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xine | Xine | 0.9.8 |
| Xine | Xine-Lib | 1_rc2 |
| Xine | Xine-Ui | 0.9.21 |
References
- http://secunia.com/advisories/11433
- http://security.gentoo.org/glsa/glsa-200404-20.xml (Patch)
- http://www.osvdb.org/5594
- http://www.osvdb.org/5739
- http://www.securityfocus.com/bid/10193 (Exploit, Patch)
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slack
- http://www.xinehq.de/index.php/security/XSA-2004-1 (Vendor Advisory)
- http://www.xinehq.de/index.php/security/XSA-2004-2 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15939
FAQ
What is CVE-2004-1951?
CVE-2004-1951 is a vulnerability with a CVSS score of 5.0 (MEDIUM). xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allow remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options...
How severe is CVE-2004-1951?
CVE-2004-1951 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1951?
Check the references section above for vendor advisories and patch information. Affected products include: Xine Xine, Xine Xine-Lib, Xine Xine-Ui.