Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | mplayer | < 2:1.5+svn38408-1 | mplayer_2:1.5+svn38408-1_all.deb |
Debian | 11 | all | mplayer | < 2:1.4+ds1-1+deb11u1 | mplayer_2:1.4+ds1-1+deb11u1_all.deb |
Debian | 10 | all | mplayer | < 2:1.3.0-8 | mplayer_2:1.3.0-8_all.deb |
Debian | 999 | all | mplayer | < 2:1.5+svn38446-2 | mplayer_2:1.5+svn38446-2_all.deb |
Debian | 13 | all | mplayer | < 2:1.5+svn38446-2 | mplayer_2:1.5+svn38446-2_all.deb |