critical
10
CWE
NVD-CWE-Other 119
Advisory Published
Updated

CVE-2004-1187: Buffer Overflow

First published: Wed Dec 22 2004(Updated: )

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
xine=1_rc6a
xine=1_beta9
DVD Player=0.92
xine=0.9.18
xine=1_beta3
xine=1_rc0a
xine=1_beta7
DVD Player=1.0_pre2
DVD Player=0.90
xine=1_rc7
DVD Player=1.0_pre1
DVD Player=0.90_rc
xine=1_rc3
xine=1_rc4
xine=1_beta9
DVD Player=1.0_pre5try2
xine=1_alpha
xine=1_rc3b
xine=1_alpha
xine=1_beta4
DVD Player=head_cvs
DVD Player=0.92.1
xine=0.9.8
xine=1_beta4
xine=1_rc5
xine=1_rc3b
xine=1_beta2
xine=0.9.8
DVD Player=1.0_pre3
xine=1_rc3a
xine=1_rc6a
xine=1_rc2
xine=1_rc8
xine=1_rc3c
DVD Player=0.92_cvs
xine=1_beta10
DVD Player=1.0_pre5
xine=1_beta12
DVD Player=0.91
xine=1_beta11
xine=1_beta7
xine=1_beta8
xine=0.9.13
xine=1_rc1
xine=1_rc2
xine=1_rc5
xine=1_beta2
xine=1_rc0
xine=1_beta5
xine=1_beta11
DVD Player=1.0_pre5try1
xine=1_beta6
xine=0.99
xine=1_beta1
xine=0.9.13
xine=1_rc6
DVD Player=1.0_pre3try2
xine=1_rc6
xine=1_beta6
xine=1_rc3
xine=1_rc1
xine=1_rc3a
xine=1_beta1
xine=1_rc0
xine=1_beta12
xine=1_rc4
DVD Player=0.90_pre
xine=1_beta5
xine=1_beta10
DVD Player=0.90_rc4
xine=1_beta8
DVD Player=1.0_pre4
xine=1_beta3
xine=1_rc7
Mandrake Linux=10.1
Mandrake Linux=10.0
Mandrake Linux=10.0
Mandrake Linux=10.1

Remedy

http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2004-1187?

    CVE-2004-1187 is considered a high severity vulnerability due to its potential to allow remote attackers to execute arbitrary code.

  • How do I fix CVE-2004-1187?

    To fix CVE-2004-1187, update xine or MPlayer to versions that include the patch addressing this vulnerability.

  • What software is affected by CVE-2004-1187?

    CVE-2004-1187 affects several versions of xine and MPlayer, particularly versions 0.9.18, 1_rc0a, and others up to 0.92.1.

  • What is the nature of the vulnerability in CVE-2004-1187?

    The vulnerability in CVE-2004-1187 is a heap-based buffer overflow in the pnm_get_chunk function, which can be exploited through long PNA_TAG values.

  • Can I still use xine or MPlayer if they are affected by CVE-2004-1187?

    It is advised not to use affected versions of xine or MPlayer until you have applied the necessary updates or patches to mitigate CVE-2004-1187.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203