CVE-2004-1455 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Xine-lib

4 documents4 sources

Severity

5.1MEDIUMNVD

EPSS

4.3%

top 11.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xine Xine-lib

Timeline

PublishedDec 31

Latest updateApr 29

Description

Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDxine/xine-lib18 versions+17

Patches

Patch: www.gentoo.org ↗Patch: www.securityfocus.com ↗Patch: www.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-3r4r-jw73-mqpr: Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists t↗2022-04-29

▶

CVEList

CVE-2004-1455: Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists t↗2005-02-13

▶

📋Vendor Advisories

Debian

CVE-2004-1455: vlc - Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier all...↗2004

▶