Published: 10/01/2005 Updated: 11/07/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The pnm_get_chunk function in xine 0.99.2 and previous versions, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mplayer mplayer 0.92
mplayer mplayer 0.92.1
mplayer mplayer 1.0_pre5
mplayer mplayer 1.0_pre5try1
xine xine-lib 1_beta1
xine xine-lib 1_beta10
xine xine-lib 1_beta7
xine xine-lib 1_beta8
xine xine-lib 1_rc3b
xine xine-lib 1_rc3c
xine xine 0.9.18
xine xine 0.9.8
xine xine 1_beta4
xine xine 1_beta5
xine xine 1_rc1
xine xine 1_rc2
xine xine 1_rc6a
xine xine 1_rc7
mplayer mplayer 0.90
mplayer mplayer 0.90_pre
mplayer mplayer 1.0_pre2
mplayer mplayer 1.0_pre3
xine xine-lib 0.9.13
xine xine-lib 0.9.8
xine xine-lib 1_beta2
xine xine-lib 1_beta3
xine xine-lib 1_beta4
xine xine-lib 1_rc1
xine xine-lib 1_rc2
xine xine-lib 1_rc6
xine xine-lib 1_rc6a
xine xine 1_beta10
xine xine 1_beta11
xine xine 1_beta12
xine xine 1_beta8
xine xine 1_beta9
xine xine 1_rc3b
xine xine 1_rc4
mplayer mplayer 0.90_rc
mplayer mplayer 0.90_rc4
mplayer mplayer 0.91
mplayer mplayer 1.0_pre3try2
mplayer mplayer 1.0_pre4
xine xine-lib 0.99
xine xine-lib 1_alpha
xine xine-lib 1_beta5
xine xine-lib 1_beta6
xine xine-lib 1_rc3
xine xine-lib 1_rc3a
xine xine-lib 1_rc7
xine xine 0.9.13
xine xine 1_beta2
xine xine 1_beta3
xine xine 1_rc0
xine xine 1_rc0a
xine xine 1_rc5
xine xine 1_rc6
mplayer mplayer 0.92_cvs
mplayer mplayer 1.0_pre1
mplayer mplayer 1.0_pre5try2
mplayer mplayer head_cvs
xine xine-lib 1_beta11
xine xine-lib 1_beta12
xine xine-lib 1_beta9
xine xine-lib 1_rc0
xine xine-lib 1_rc4
xine xine-lib 1_rc5
xine xine 1_alpha
xine xine 1_beta1
xine xine 1_beta6
xine xine 1_beta7
xine xine 1_rc3
xine xine 1_rc3a
xine xine 1_rc8
mandrakesoft mandrake linux 10.0
mandrakesoft mandrake linux 10.1

NVD-CWE-Other http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21 http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 https://exchange.xforce.ibmcloud.com/vulnerabilities/18638 https://nvd.nist.gov

Get Started

CVE-2004-1188

Vulnerability Summary

References

Vulmon Search

About

Products

Connect