Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1475

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2004-1475
Last Modified 05 Sep 2008 04:41:30
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-1475

Summary

Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.

Vulnerable Systems

Application

  • Xine 0.9.18

  • Xine 1 Rc2

  • Xine 1 Rc3

  • Xine 1 Rc4

  • Xine 1 Rc5

  • Xine-lib 0.99

  • Xine-lib 1 Rc2

  • Xine-lib 1 Rc3

  • Xine-lib 1 Rc4

  • Xine-lib 1 Rc5


References

BID - 11206

GENTOO - GLSA-200409-30

GENTOO - GLSA-200408-18

CONFIRM - http://xinehq.de/index.php/security/XSA-2004-4

XF - xine-subtitle-bo(17432)

XF - xine-videocd-mrl-bo(17430)

BUGTRAQ - 20040907 XSA-2004-4: multiple string overflows


Last Updated: 27 May 2016 10:39:02