CVE-2004-1187

4 documents4 sources
Severity
10.0CRITICAL
EPSS
5.7%
top 9.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mandrakesoft Mandrake LinuxMplayer MplayerXine Xine+1 more
Timeline
PublishedJan 10
Latest updateApr 29

Description

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDxine/xine29 versions+28
NVDxine/xine-lib28 versions+27
NVDmplayer/mplayer17 versions+16
NVDmandrakesoft/mandrake_linux10.0, 10.1+1

Patches

Patch: www.idefense.comPatch: www.idefense.com

🔴Vulnerability Details

2
GHSA
GHSA-xg3g-7232-qg4v: Heap-based buffer overflow in the pnm_get_chunk function for xine 02022-04-29
CVEList
CVE-2004-1187: Heap-based buffer overflow in the pnm_get_chunk function for xine 02004-12-22

📋Vendor Advisories

1
Debian
CVE-2004-1187: mplayer - Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and ot...2004
CVE-2004-1187 (CRITICAL CVSS 10) | Heap-based buffer overflow in the p | cvebase.io