CVE-2004-1373

Published: Dec 23, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.

Affected (3)

Products: Nullsoft: Shoutcast Server

Nullsoft

1 product

Shoutcast Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Nullsoft Shoutcast Server	Version 1.9.4
Nullsoft Shoutcast Server	Version 1.9.4
Nullsoft Shoutcast Server	Version 1.9.4

References (12)

http://marc.info/?l=bugtraq&m=110382975516003&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110886444014745&w=2

Source: cve@mitre.org

http://securitytracker.com/id?1012675

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200501-04.xml

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/12096

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/18669

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110382975516003&w=2