← Back

CVE-2004-1188

nvd nist
Published: Jan 10, 2005Modified: Apr 16, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

Affected (78)

Mplayer
1 product
Mplayer
Xine
2 products
Xine
Xine Lib
Mandrakesoft
1 product
Mandrake Linux
Configuration A
74 vulnerable
Vulnerable SoftwareAffected Versions
Mplayer
Mplayer
Version 0.90
Mplayer
Version 0.90_pre
Mplayer
Version 0.90_rc4
Mplayer
Version 0.90_rc
Mplayer
Version 0.91
Mplayer
Version 0.92.1
Mplayer
Version 0.92
Mplayer
Version 0.92_cvs
Mplayer
Version 1.0_pre1
Mplayer
Version 1.0_pre2
Mplayer
Version 1.0_pre3
Mplayer
Version 1.0_pre3try2
Mplayer
Version 1.0_pre4
Mplayer
Version 1.0_pre5
Mplayer
Version 1.0_pre5try1
Mplayer
Version 1.0_pre5try2
Mplayer
Version head_cvs
Xine
Xine
Version 0.9.13
Xine
Version 0.9.18
Xine
Version 0.9.8
Xine
Version 1_alpha
Xine
Version 1_beta10
Xine
Version 1_beta11
Xine
Version 1_beta12
Xine
Version 1_beta1
Xine
Version 1_beta2
Xine
Version 1_beta3
Xine
Version 1_beta4
Xine
Version 1_beta5
Xine
Version 1_beta6
Xine
Version 1_beta7
Xine
Version 1_beta8
Xine
Version 1_beta9
Xine
Version 1_rc0
Xine
Version 1_rc0a
Xine
Version 1_rc1
Xine
Version 1_rc2
Xine
Version 1_rc3
Xine
Version 1_rc3a
Xine
Version 1_rc3b
Xine
Version 1_rc4
Xine
Version 1_rc5
Xine
Version 1_rc6
Xine
Version 1_rc6a
Xine
Version 1_rc7
Xine
Version 1_rc8
Xine
Xine Lib
Version 0.9.13
Xine Lib
Version 0.9.8
Xine Lib
Version 0.99
Xine Lib
Version 1_alpha
Xine Lib
Version 1_beta10
Xine Lib
Version 1_beta11
Xine Lib
Version 1_beta12
Xine Lib
Version 1_beta1
Xine Lib
Version 1_beta2
Xine Lib
Version 1_beta3
Xine Lib
Version 1_beta4
Xine Lib
Version 1_beta5
Xine Lib
Version 1_beta6
Xine Lib
Version 1_beta7
Xine Lib
Version 1_beta8
Xine Lib
Version 1_beta9
Xine Lib
Version 1_rc0
Xine Lib
Version 1_rc1
Xine Lib
Version 1_rc2
Xine Lib
Version 1_rc3
Xine Lib
Version 1_rc3a
Xine Lib
Version 1_rc3b
Xine Lib
Version 1_rc3c
Xine Lib
Version 1_rc4
Xine Lib
Version 1_rc5
Xine Lib
Version 1_rc6
Xine Lib
Version 1_rc6a
Xine Lib
Version 1_rc7
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Mandrakesoft
Mandrake Linux
Version 10.0
Mandrake Linux
Version 10.0
Mandrake Linux
Version 10.1
Mandrake Linux
Version 10.1

References (10)

Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.