CVE-2004-1188

2005-01-1005:00:00

Debian Security Bug Tracker

security-tracker.debian.org

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.04 Low

EPSS

Percentile

92.0%

JSON

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

OSVersionArchitecturePackageVersionFilename
Debian12allmplayer< 2:1.5+svn38408-1mplayer_2:1.5+svn38408-1_all.deb
Debian11allmplayer< 2:1.4+ds1-1+deb11u1mplayer_2:1.4+ds1-1+deb11u1_all.deb
Debian10allmplayer< 2:1.3.0-8mplayer_2:1.3.0-8_all.deb
Debian999allmplayer< 2:1.5+svn38542-1mplayer_2:1.5+svn38542-1_all.deb
Debian13allmplayer< 2:1.5+svn38446-2mplayer_2:1.5+svn38446-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	mplayer	< 2:1.5+svn38408-1	mplayer_2:1.5+svn38408-1_all.deb
Debian	11	all	mplayer	< 2:1.4+ds1-1+deb11u1	mplayer_2:1.4+ds1-1+deb11u1_all.deb
Debian	10	all	mplayer	< 2:1.3.0-8	mplayer_2:1.3.0-8_all.deb
Debian	999	all	mplayer	< 2:1.5+svn38542-1	mplayer_2:1.5+svn38542-1_all.deb
Debian	13	all	mplayer	< 2:1.5+svn38446-2	mplayer_2:1.5+svn38446-2_all.deb