The pnm_get_chunk function in xine 0.99.2 and previous versions, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
xine xine 1 rc6a |
||
xine xine 1 beta9 |
||
mplayer mplayer 0.92 |
||
xine xine 0.9.18 |
||
xine xine 1 beta3 |
||
xine xine 1 rc0a |
||
xine xine-lib 1 beta7 |
||
mplayer mplayer 1.0 pre2 |
||
mplayer mplayer 0.90 |
||
xine xine 1 rc7 |
||
mplayer mplayer 1.0 pre1 |
||
mplayer mplayer 0.90 rc |
||
xine xine-lib 1 rc3 |
||
xine xine 1 rc4 |
||
xine xine-lib 1 beta9 |
||
mplayer mplayer 1.0 pre5try2 |
||
xine xine 1 alpha |
||
xine xine-lib 1 rc3b |
||
xine xine-lib 1 alpha |
||
xine xine 1 beta4 |
||
mplayer mplayer head cvs |
||
mplayer mplayer 0.92.1 |
||
xine xine-lib 0.9.8 |
||
xine xine-lib 1 beta4 |
||
xine xine-lib 1 rc5 |
||
xine xine 1 rc3b |
||
xine xine 1 beta2 |
||
xine xine 0.9.8 |
||
mplayer mplayer 1.0 pre3 |
||
xine xine 1 rc3a |
||
xine xine-lib 1 rc6a |
||
xine xine 1 rc2 |
||
xine xine 1 rc8 |
||
xine xine-lib 1 rc3c |
||
mplayer mplayer 0.92 cvs |
||
xine xine 1 beta10 |
||
mplayer mplayer 1.0 pre5 |
||
xine xine 1 beta12 |
||
mplayer mplayer 0.91 |
||
xine xine 1 beta11 |
||
xine xine 1 beta7 |
||
xine xine 1 beta8 |
||
xine xine 0.9.13 |
||
xine xine 1 rc1 |
||
xine xine-lib 1 rc2 |
||
xine xine 1 rc5 |
||
xine xine-lib 1 beta2 |
||
xine xine-lib 1 rc0 |
||
xine xine-lib 1 beta5 |
||
xine xine-lib 1 beta11 |
||
mplayer mplayer 1.0 pre5try1 |
||
xine xine 1 beta6 |
||
xine xine-lib 0.99 |
||
xine xine 1 beta1 |
||
xine xine-lib 0.9.13 |
||
xine xine-lib 1 rc6 |
||
mplayer mplayer 1.0 pre3try2 |
||
xine xine 1 rc6 |
||
xine xine-lib 1 beta6 |
||
xine xine 1 rc3 |
||
xine xine-lib 1 rc1 |
||
xine xine-lib 1 rc3a |
||
xine xine-lib 1 beta1 |
||
xine xine 1 rc0 |
||
xine xine-lib 1 beta12 |
||
xine xine-lib 1 rc4 |
||
mplayer mplayer 0.90 pre |
||
xine xine 1 beta5 |
||
xine xine-lib 1 beta10 |
||
mplayer mplayer 0.90 rc4 |
||
xine xine-lib 1 beta8 |
||
mplayer mplayer 1.0 pre4 |
||
xine xine-lib 1 beta3 |
||
xine xine-lib 1 rc7 |
||
mandrakesoft mandrake linux 10.1 |
||
mandrakesoft mandrake linux 10.0 |
Vulmon