Lucene search

[email protected]NVD:CVE-2004-1187

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1187

2005-01-1005:00:00

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.041 Low

EPSS

Percentile

92.2%

JSON

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.

Affected configurations

NVD

Node

mplayermplayerMatch0.90

mplayermplayerMatch0.90_pre

mplayermplayerMatch0.90_rc

mplayermplayerMatch0.90_rc4

mplayermplayerMatch0.91

mplayermplayerMatch0.92

mplayermplayerMatch0.92.1

mplayermplayerMatch0.92_cvs

mplayermplayerMatch1.0_pre1

mplayermplayerMatch1.0_pre2

mplayermplayerMatch1.0_pre3

mplayermplayerMatch1.0_pre3try2

mplayermplayerMatch1.0_pre4

mplayermplayerMatch1.0_pre5

mplayermplayerMatch1.0_pre5try1

mplayermplayerMatch1.0_pre5try2

mplayermplayerMatchhead_cvs

xinexineMatch0.9.8

xinexineMatch0.9.13

xinexineMatch0.9.18

xinexineMatch1_alpha

xinexineMatch1_beta1

xinexineMatch1_beta2

xinexineMatch1_beta3

xinexineMatch1_beta4

xinexineMatch1_beta5

xinexineMatch1_beta6

xinexineMatch1_beta7

xinexineMatch1_beta8

xinexineMatch1_beta9

xinexineMatch1_beta10

xinexineMatch1_beta11

xinexineMatch1_beta12

xinexineMatch1_rc0

xinexineMatch1_rc0a

xinexineMatch1_rc1

xinexineMatch1_rc2

xinexineMatch1_rc3

xinexineMatch1_rc3a

xinexineMatch1_rc3b

xinexineMatch1_rc4

xinexineMatch1_rc5

xinexineMatch1_rc6

xinexineMatch1_rc6a

xinexineMatch1_rc7

xinexineMatch1_rc8

xinexine-libMatch0.9.8

xinexine-libMatch0.9.13

xinexine-libMatch0.99

xinexine-libMatch1_alpha

xinexine-libMatch1_beta1

xinexine-libMatch1_beta2

xinexine-libMatch1_beta3

xinexine-libMatch1_beta4

xinexine-libMatch1_beta5

xinexine-libMatch1_beta6

xinexine-libMatch1_beta7

xinexine-libMatch1_beta8

xinexine-libMatch1_beta9

xinexine-libMatch1_beta10

xinexine-libMatch1_beta11

xinexine-libMatch1_beta12

xinexine-libMatch1_rc0

xinexine-libMatch1_rc1

xinexine-libMatch1_rc2

xinexine-libMatch1_rc3

xinexine-libMatch1_rc3a

xinexine-libMatch1_rc3b

xinexine-libMatch1_rc3c

xinexine-libMatch1_rc4

xinexine-libMatch1_rc5

xinexine-libMatch1_rc6

xinexine-libMatch1_rc6a

xinexine-libMatch1_rc7

Node

mandrakesoftmandrake_linuxMatch10.0

mandrakesoftmandrake_linuxMatch10.0amd64

mandrakesoftmandrake_linuxMatch10.1

mandrakesoftmandrake_linuxMatch10.1x86_64

References

cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21

www.idefense.com/application/poi/display?id=176&type=vulnerabilities

www.mandriva.com/security/advisories?name=MDKSA-2005:011

www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff

exchange.xforce.ibmcloud.com/vulnerabilities/18640

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.041 Low

EPSS

Percentile

92.2%

JSON

Related for NVD:CVE-2004-1187

cve2 freebsd1 ubuntucve2 debiancve2 cvelist2 nvd1 openvas4 nessus3 gentoo1 securityvulns2