Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1300Improper Restriction of Operations within the Bounds of a Memory Buffer in Xine-lib

7 documents5 sources
Severity
10.0CRITICALNVD
EPSS
9.7%
top 7.07%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Xine Xine-lib
Timeline
PublishedJan 10
Latest updateApr 29

Description

Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDxine/xine-lib1_rc7

🔴Vulnerability Details

2
GHSA
GHSA-h6mm-r226-gfhq: Buffer overflow in the open_aiff_file function in demux_aiff2022-04-29
CVEList
CVE-2004-1300: Buffer overflow in the open_aiff_file function in demux_aiff2004-12-22

💥Exploits & PoCs

3
Exploit-DB
Zinf Audio Player 2.2.1 - '.pls' Universal Local Buffer Overflow2009-01-28
Exploit-DB
Xine-Lib 0.9/1 - Remote Client-Side Buffer Overflow2004-12-16
Exploit-DB
Dell TrueMobile 1300 WLAN System 3.10.39.0 Tray Applet - Local Privilege Escalation2004-02-22

📋Vendor Advisories

1
Debian
CVE-2004-1300: vlc - Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (lib...2004
CVE-2004-1300 — Xine Xine-lib vulnerability | cvebase