CVE-2004-1476
Published 2004-12-31
CVE-2004-1476: Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via…
Priority P424 · medium · 5.1 · CVSS 2.0
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 2.30% (81.1th percentile)
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libcdio | < libcdio 0.69 (bookworm) | libcdio 0.69 (bookworm) |
| debian | vlc | < libcdio 0.69 (bookworm) | libcdio 0.69 (bookworm) |
| gnu | libcdio | >= 0 < 0.69 | 0.69 |
| gnu | libcdio | >= 0 < 0.69 | 0.69 |
| gnu | libcdio | >= 0 < 0.69 | 0.69 |
| gnu | libcdio | >= 0 < 0.69 | 0.69 |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
CVSS provenance
nvd · v2.0 · 5.1 MEDIUM · AV:N/AC:H/Au:N/C:P/I:P/A:P
osv · 5.1 MEDIUM
vendor_debian · 5.1 MEDIUM
Debian
CVE-2004-1476: libcdio - Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through ...
vendor_debian·2004·CVSS 5.1
CVE-2004-1476 [MEDIUM] CVE-2004-1476: libcdio - Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through ...
Scope: local
bookworm: resolved (fixed in 0.69)
bullseye: resolved (fixed in 0.69)
forky: resolved (fixed in 0.69)
sid: resolved (fixed in 0.69)
trixie: resolved (fixed in 0.69)
GHSA
GHSA-7fcw-5hqr-7p5h: Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary
ghsa_unreviewed·2022-04-29
CVE-2004-1476 [MEDIUM] GHSA-7fcw-5hqr-7p5h: Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary
OSV
CVE-2004-1476: Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary
osv·2004-12-31·CVSS 5.1
CVE-2004-1476 [MEDIUM] CVE-2004-1476: Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary
No detection rules found.
No public exploits indexed.
http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml
http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0
http://www.securityfocus.com/bid/11206
http://xinehq.de/index.php/security/XSA-2004-4
https://exchange.xforce.ibmcloud.com/vulnerabilities/17431
Published: 2004-12-31