CVE-2004-1379

Published: 16/09/2004 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and previous versions allows remote malicious users to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.

Vulnerable Product

xine xine 1 beta9

xine xine 1 beta3

xine xine 1 rc0a

xine xine-lib 1 beta7

xine xine-lib 1 rc3

xine xine 1 rc4

xine xine-lib 1 beta9

xine xine 1 alpha

xine xine-lib 1 rc3b

xine xine 1 beta4

xine xine-lib 0.9.8

xine xine-lib 1 beta4

xine xine-lib 1 rc5

xine xine 1 rc3b

xine xine 1 beta2

xine xine 1 rc3a

xine xine 1 rc2

xine xine-lib 1 rc3c

xine xine 1 beta10

xine xine 1 beta12

xine xine 1 beta11

xine xine 1 beta7

xine xine 1 beta8

xine xine 1 rc1

xine xine-lib 1 rc2

xine xine 1 rc5

xine xine-lib 1 beta2

xine xine-lib 1 rc0

xine xine-lib 1 beta5

xine xine 1 beta6

xine xine 1 beta1

xine xine-lib 1 beta6

xine xine 1 rc3

xine xine-lib 1 rc1

xine xine-lib 1 rc3a

xine xine 1 rc0

xine xine-lib 1 beta12

xine xine-lib 1 rc4

xine xine 1 beta5

xine xine-lib 1 beta8

xine xine-lib 1 beta3

Vendor Advisories

A heap overflow has been discovered in the DVD subpicture decoder of xine-lib. An attacker could cause arbitrary code to be executed on the victim's host by supplying a malicious MPEG. By tricking users to view a malicious network stream, this is remotely exploitable. For the stable distribution (woody) this problem has been fixed in version 0.9.8-2 ...