CVE-2004-1476 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Xine

5 documents5 sources

Severity

5.1MEDIUMNVD

EPSS

2.1%

top 16.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Libcdio Suse Linux Xine +1 more

Timeline

PublishedDec 31

Latest updateApr 29

Description

Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages4 packages

▶Debiangnu/libcdio< 0.69+3

▶NVDxine/xine5 versions+4

▶NVDxine/xine-lib5 versions+4

▶NVDsuse/suse_linux6 versions+5

Patches

Patch: www.gentoo.org ↗Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-7fcw-5hqr-7p5h: Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary↗2022-04-29

▶

CVEList

CVE-2004-1476: Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary↗2005-02-13

▶

OSV

CVE-2004-1476: Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary↗2004-12-31

▶

📋Vendor Advisories

Debian

CVE-2004-1476: libcdio - Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through ...↗2004

▶