CVE-2004-1187
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/01/2005
Last modified:
11/07/2017
Description
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:0.92:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21
- http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities
- http://www.mandriva.com/security/advisories?name=MDKSA-2005%3A011
- http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18640