CVE-2004-1187

2005-01-1005:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-1187

heap-based buffer overflow

pnm_get_chunk

xine

mplayer

remote code execution

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.04 Low

EPSS

Percentile

92.0%

JSON

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.

CPENameOperatorVersion
xine:xinexineeq1_rc6a
xine:xinexineeq1_beta9
mplayer:mplayermplayereq0.92
xine:xinexineeq0.9.18
xine:xinexineeq1_beta3
xine:xinexineeq1_rc0a
xine:xine-libxine xine-libeq1_beta7
mplayer:mplayermplayereq1.0_pre2
mplayer:mplayermplayereq0.90
xine:xinexineeq1_rc7

CPE	Name	Operator	Version
xine:xine	xine	eq	1_rc6a
xine:xine	xine	eq	1_beta9
mplayer:mplayer	mplayer	eq	0.92
xine:xine	xine	eq	0.9.18
xine:xine	xine	eq	1_beta3
xine:xine	xine	eq	1_rc0a
xine:xine-lib	xine xine-lib	eq	1_beta7
mplayer:mplayer	mplayer	eq	1.0_pre2
mplayer:mplayer	mplayer	eq	0.90
xine:xine	xine	eq	1_rc7