CVE-2004-1188

2005-01-1005:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-1188

xine

mplayer

buffer overflow

chunk size verification

6.7 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.9%

JSON

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

CPENameOperatorVersion
xine:xinexineeq1_rc6a
xine:xinexineeq1_beta9
mplayer:mplayermplayereq0.92
xine:xinexineeq0.9.18
xine:xinexineeq1_beta3
xine:xinexineeq1_rc0a
xine:xine-libxine xine-libeq1_beta7
mplayer:mplayermplayereq1.0_pre2
mplayer:mplayermplayereq0.90
xine:xinexineeq1_rc7

CPE	Name	Operator	Version
xine:xine	xine	eq	1_rc6a
xine:xine	xine	eq	1_beta9
mplayer:mplayer	mplayer	eq	0.92
xine:xine	xine	eq	0.9.18
xine:xine	xine	eq	1_beta3
xine:xine	xine	eq	1_rc0a
xine:xine-lib	xine xine-lib	eq	1_beta7
mplayer:mplayer	mplayer	eq	1.0_pre2
mplayer:mplayer	mplayer	eq	0.90
xine:xine	xine	eq	1_rc7