CVE-2004-1188

NONE EPSS 77.9%
Published Jan 10, 200521y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jan 10, 2005 21y ago
Last Modified Jun 16, 2026 2w ago

Description

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

Threat Intelligence

EPSS Exploit Probability
77.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 78

VendorProductVersionRange
mplayermplayer0.90any
mplayermplayer0.90_preany
mplayermplayer0.90_rcany
mplayermplayer0.90_rc4any
mplayermplayer0.91any
mplayermplayer0.92any
mplayermplayer0.92.1any
mplayermplayer0.92_cvsany
mplayermplayer1.0_pre1any
mplayermplayer1.0_pre2any
mplayermplayer1.0_pre3any
mplayermplayer1.0_pre3try2any
mplayermplayer1.0_pre4any
mplayermplayer1.0_pre5any
mplayermplayer1.0_pre5try1any
mplayermplayer1.0_pre5try2any
mplayermplayerhead_cvsany
xinexine0.9.8any
xinexine0.9.13any
xinexine0.9.18any
xinexine1_alphaany
xinexine1_beta1any
xinexine1_beta2any
xinexine1_beta3any
xinexine1_beta4any
xinexine1_beta5any
xinexine1_beta6any
xinexine1_beta7any
xinexine1_beta8any
xinexine1_beta9any
xinexine1_beta10any
xinexine1_beta11any
xinexine1_beta12any
xinexine1_rc0any
xinexine1_rc0aany
xinexine1_rc1any
xinexine1_rc2any
xinexine1_rc3any
xinexine1_rc3aany
xinexine1_rc3bany
xinexine1_rc4any
xinexine1_rc5any
xinexine1_rc6any
xinexine1_rc6aany
xinexine1_rc7any
xinexine1_rc8any
xinexine-lib0.9.8any
xinexine-lib0.9.13any
xinexine-lib0.99any
xinexine-lib1_alphaany
xinexine-lib1_beta1any
xinexine-lib1_beta2any
xinexine-lib1_beta3any
xinexine-lib1_beta4any
xinexine-lib1_beta5any
xinexine-lib1_beta6any
xinexine-lib1_beta7any
xinexine-lib1_beta8any
xinexine-lib1_beta9any
xinexine-lib1_beta10any
xinexine-lib1_beta11any
xinexine-lib1_beta12any
xinexine-lib1_rc0any
xinexine-lib1_rc1any
xinexine-lib1_rc2any
xinexine-lib1_rc3any
xinexine-lib1_rc3aany
xinexine-lib1_rc3bany
xinexine-lib1_rc3cany
xinexine-lib1_rc4any
xinexine-lib1_rc5any
xinexine-lib1_rc6any
xinexine-lib1_rc6aany
xinexine-lib1_rc7any
mandrakesoftmandrake_linux10.0any
mandrakesoftmandrake_linux10.0any
mandrakesoftmandrake_linux10.1any
mandrakesoftmandrake_linux10.1any

References 5

  • cvs.sourceforge.net http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21
  • idefense.com http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities
    PatchVendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:011
  • mplayerhq.hu http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18638

Remediation

  • idefense.com http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities
    PatchVendor Advisory