CVE-2004-1034 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Player

5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

5.9%

top 9.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kaffeine Player Xine Gxine

Timeline

PublishedMar 1

Latest updateApr 29

Description

Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDxine/gxine0.3

▶NVDkaffeine/kaffeine_player4 versions+3

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-hhhx-p58g-9jcc: Buffer overflow in the http_open function in Kaffeine before 0↗2022-04-29

▶

OSV

CVE-2004-1034: Buffer overflow in the http_open function in Kaffeine before 0↗2005-03-01

▶

CVEList

CVE-2004-1034: Buffer overflow in the http_open function in Kaffeine before 0↗2004-11-16

▶

📋Vendor Advisories

Debian

CVE-2004-1034: kaffeine - Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is ...↗2004

▶