Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1475Improper Restriction of Operations within the Bounds of a Memory Buffer in Xine

5 documents5 sources
Severity
5.1MEDIUMNVD
EPSS
5.5%
top 9.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
XineXine Xine-lib
Timeline
PublishedDec 31
Latest updateApr 29

Description

Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

NVDxine/xine5 versions+4
NVDxine/xine-lib5 versions+4

Patches

Patch: security.gentoo.orgPatch: www.gentoo.orgPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-m823-fv36-pfg4: Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (22022-04-29
CVEList
CVE-2004-1475: Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (22005-02-13

💥Exploits & PoCs

1
Exploit-DB
xine 0.99.2 - Remote Stack Overflow2004-08-09

📋Vendor Advisories

1
Debian
CVE-2004-1475: vlc - Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow atta...2004
CVE-2004-1475 — Xine vulnerability | cvebase