cbcvebase.
CVE-2004-1188
published 2005-01-10

CVE-2004-1188: The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size…

PriorityP429critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
1.97%
77.9th percentile
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

Affected

77 ranges· showing 25
VendorProductVersion rangeFixed in
debianmplayer
mandrakesoftmandrake_linux
mandrakesoftmandrake_linux
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
xinexine
xinexine
xinexine
xinexine
xinexine

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_debian10.0LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.