Lucene search

FreeBSD Ports: libxine

FreeBSD libxine package vulnerable to stack-based buffer overflo

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
OpenVAS	FreeBSD Ports: libxine	4 Sep 200800:00	–	openvas
OpenVAS	Gentoo Security Advisory GLSA 200409-30 (xine-lib)	24 Sep 200800:00	–	openvas
OpenVAS	Gentoo Security Advisory GLSA 200409-30 (xine-lib)	24 Sep 200800:00	–	openvas
CVE	CVE-2004-1476	13 Feb 200505:00	–	cve
NVD	CVE-2004-1476	31 Dec 200405:00	–	nvd
Cvelist	CVE-2004-1476	13 Feb 200505:00	–	cvelist
Debian CVE	CVE-2004-1476	13 Feb 200505:00	–	debiancve
Tenable Nessus	Mandrake Linux Security Advisory : xine-lib (MDKSA-2004:105)	8 Oct 200400:00	–	nessus
Tenable Nessus	GLSA-200409-30 : xine-lib: Multiple vulnerabilities	23 Sep 200400:00	–	nessus
Gentoo Linux	xine-lib: Multiple vulnerabilities	22 Sep 200400:00	–	gentoo

Source	Link
xinehq	www.xinehq.de/index.php/security/XSA-2004-4
securityfocus	www.securityfocus.com/bid/11206
vuxml	www.vuxml.org/freebsd/b6939d5b-64a1-11d9-9106-000a95bc6fae.html

# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.52240");
  script_version("2023-07-26T05:05:09+0000");
  script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)");
  script_cve_id("CVE-2004-1476");
  script_tag(name:"cvss_base", value:"5.1");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_name("FreeBSD Ports: libxine");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("FreeBSD Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");

  script_tag(name:"insight", value:"The following package is affected: libxine

CVE-2004-1476:
Stack-based buffer overflow in the VideoCD (VCD) code in
xine-lib 1-rc2 through 1-rc5, as derived from libcdio,
allows attackers to execute arbitrary code via a VideoCD
with an unterminated disk label.");

  script_tag(name:"solution", value:"Update your system with the appropriate patches or
  software upgrades.");

  script_xref(name:"URL", value:"http://xinehq.de/index.php/security/XSA-2004-4");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/11206");
  script_xref(name:"URL", value:"http://www.vuxml.org/freebsd/b6939d5b-64a1-11d9-9106-000a95bc6fae.html");

  script_tag(name:"summary", value:"The remote host is missing an update to the system
  as announced in the referenced advisory.");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-bsd.inc");

vuln = FALSE;
txt = "";

bver = portver(pkg:"libxine");
if(!isnull(bver) && revcomp(a:bver, b:"1.0.r2")>=0 && revcomp(a:bver, b:"1.0.r6")<0) {
  txt += 'Package libxine version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}

if(vuln) {
  security_message(data:txt);
} else if (__pkg_match) {
  exit(99);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Sep 2008 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS25.1

EPSS0.02053