10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.041 Low
EPSS
Percentile
92.2%
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages
such as MPlayer that use the same code, does not properly verify that the
chunk size is less than the PREAMBLE_SIZE, which causes a read operation
with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2)
DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different
vulnerability than CVE-2004-1187.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | xine-extracodecs | < 1.1.1+ubuntu1-2 | UNKNOWN |
ubuntu | 6.10 | noarch | xine-extracodecs | < 1.1.1+ubuntu1-2 | UNKNOWN |
ubuntu | 7.04 | noarch | xine-extracodecs | < 1.1.1+ubuntu1-2 | UNKNOWN |
ubuntu | 6.06 | noarch | xine-lib | < 1.1.1+ubuntu2-7.7 | UNKNOWN |
ubuntu | 6.10 | noarch | xine-lib | < 1.1.2+repacked1-0ubuntu3.4 | UNKNOWN |
ubuntu | 7.04 | noarch | xine-lib | < 1.1.4-2ubuntu3 | UNKNOWN |