3 matches found
CVE-2004-1188
The CVE-2004-1188 issue is in xine (and frontends like MPlayer) where the pnm_get_chunk function does not verify that the input chunk size is less than PREAMBLE_SIZE. This can cause a read with a negative length, leading to a buffer overflow via tags such as RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG,...
CVE-2004-1188
The pnmgetchunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLESIZE, which causes a read operation with a negative length that leads to a buffer overflow via 1 RMFTAG, 2 DATATAG,...
CVE-2004-1188
The pnmgetchunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLESIZE, which causes a read operation with a negative length that leads to a buffer overflow via 1 RMFTAG, 2 DATATAG,...