Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1188

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1188
Last Modified 10 Sep 2008 03:29:27
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1188

Summary

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

Vulnerable Systems

Operating System

  • Mandrakesoft Mandrake Linux 10.0

  • Mandrakesoft Mandrake Linux 10.1

Application

  • Mplayer 0.90

  • Mplayer 0.90 Pre

  • Mplayer 0.90 Rc

  • Mplayer 0.90 Rc4

  • Mplayer 0.91

  • Mplayer 0.92

  • Mplayer 0.92 Cvs

  • Mplayer 0.92.1

  • Mplayer 1.0 Pre1

  • Mplayer 1.0 Pre2

  • Mplayer 1.0 Pre3

  • Mplayer 1.0 Pre3try2

  • Mplayer 1.0 Pre4

  • Mplayer 1.0 Pre5

  • Mplayer 1.0 Pre5try1

  • Mplayer 1.0 Pre5try2

  • Mplayer Head Cvs

  • Xine 0.9.13

  • Xine 0.9.18

  • Xine 0.9.8

  • Xine 1 Alpha

  • Xine 1 Beta1

  • Xine 1 Beta10

  • Xine 1 Beta11

  • Xine 1 Beta12

  • Xine 1 Beta2

  • Xine 1 Beta3

  • Xine 1 Beta4

  • Xine 1 Beta5

  • Xine 1 Beta6

  • Xine 1 Beta7

  • Xine 1 Beta8

  • Xine 1 Beta9

  • Xine 1 Rc0

  • Xine 1 Rc0a

  • Xine 1 Rc1

  • Xine 1 Rc2

  • Xine 1 Rc3

  • Xine 1 Rc3a

  • Xine 1 Rc3b

  • Xine 1 Rc4

  • Xine 1 Rc5

  • Xine 1 Rc6

  • Xine 1 Rc6a

  • Xine 1 Rc7

  • Xine 1 Rc8

  • Xine-lib 0.9.13

  • Xine-lib 0.9.8

  • Xine-lib 0.99

  • Xine-lib 1 Alpha

  • Xine-lib 1 Beta1

  • Xine-lib 1 Beta10

  • Xine-lib 1 Beta11

  • Xine-lib 1 Beta12

  • Xine-lib 1 Beta2

  • Xine-lib 1 Beta3

  • Xine-lib 1 Beta4

  • Xine-lib 1 Beta5

  • Xine-lib 1 Beta6

  • Xine-lib 1 Beta7

  • Xine-lib 1 Beta8

  • Xine-lib 1 Beta9

  • Xine-lib 1 Rc0

  • Xine-lib 1 Rc1

  • Xine-lib 1 Rc2

  • Xine-lib 1 Rc3

  • Xine-lib 1 Rc3a

  • Xine-lib 1 Rc3b

  • Xine-lib 1 Rc3c

  • Xine-lib 1 Rc4

  • Xine-lib 1 Rc5

  • Xine-lib 1 Rc6

  • Xine-lib 1 Rc6a

  • Xine-lib 1 Rc7


References

IDEFENSE - 20041221 Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability

XF - xine-pnmgetchunk-bo(18638)

CONFIRM - http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff

MANDRAKE - MDKSA-2005:011

CONFIRM - http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21


Last Updated: 27 May 2016 10:38:56