Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.1
CVE Id: CVE-2004-1476
Last Modified: 05 Sep 2008 04:41:30
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2004-1476

Summary

Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.

Vulnerable Systems

Operating System

  • Suse Linux 8.0

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

Application

  • Xine 0.9.18

  • Xine 1 Rc2

  • Xine 1 Rc3

  • Xine 1 Rc4

  • Xine 1 Rc5

  • Xine-lib 0.99

  • Xine-lib 1 Rc2

  • Xine-lib 1 Rc3

  • Xine-lib 1 Rc4

  • Xine-lib 1 Rc5


References

CONFIRM - http://xinehq.de/index.php/security/XSA-2004-4

BID - 11206

BUGTRAQ - 20040907 XSA-2004-4: multiple string overflows

GENTOO - GLSA-200409-30


Last Updated: 27 May 2016 10:39:02