CVE-2004-1188: Buffer Overflow
First published: Wed Dec 22 2004(Updated: )
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| xine | =1_rc6a | |
| xine | =1_beta9 | |
| DVD Player | =0.92 | |
| xine | =0.9.18 | |
| xine | =1_beta3 | |
| xine | =1_rc0a | |
| xine | =1_beta7 | |
| DVD Player | =1.0_pre2 | |
| DVD Player | =0.90 | |
| xine | =1_rc7 | |
| DVD Player | =1.0_pre1 | |
| DVD Player | =0.90_rc | |
| xine | =1_rc3 | |
| xine | =1_rc4 | |
| xine | =1_beta9 | |
| DVD Player | =1.0_pre5try2 | |
| xine | =1_alpha | |
| xine | =1_rc3b | |
| xine | =1_alpha | |
| xine | =1_beta4 | |
| DVD Player | =head_cvs | |
| DVD Player | =0.92.1 | |
| xine | =0.9.8 | |
| xine | =1_beta4 | |
| xine | =1_rc5 | |
| xine | =1_rc3b | |
| xine | =1_beta2 | |
| xine | =0.9.8 | |
| DVD Player | =1.0_pre3 | |
| xine | =1_rc3a | |
| xine | =1_rc6a | |
| xine | =1_rc2 | |
| xine | =1_rc8 | |
| xine | =1_rc3c | |
| DVD Player | =0.92_cvs | |
| xine | =1_beta10 | |
| DVD Player | =1.0_pre5 | |
| xine | =1_beta12 | |
| DVD Player | =0.91 | |
| xine | =1_beta11 | |
| xine | =1_beta7 | |
| xine | =1_beta8 | |
| xine | =0.9.13 | |
| xine | =1_rc1 | |
| xine | =1_rc2 | |
| xine | =1_rc5 | |
| xine | =1_beta2 | |
| xine | =1_rc0 | |
| xine | =1_beta5 | |
| xine | =1_beta11 | |
| DVD Player | =1.0_pre5try1 | |
| xine | =1_beta6 | |
| xine | =0.99 | |
| xine | =1_beta1 | |
| xine | =0.9.13 | |
| xine | =1_rc6 | |
| DVD Player | =1.0_pre3try2 | |
| xine | =1_rc6 | |
| xine | =1_beta6 | |
| xine | =1_rc3 | |
| xine | =1_rc1 | |
| xine | =1_rc3a | |
| xine | =1_beta1 | |
| xine | =1_rc0 | |
| xine | =1_beta12 | |
| xine | =1_rc4 | |
| DVD Player | =0.90_pre | |
| xine | =1_beta5 | |
| xine | =1_beta10 | |
| DVD Player | =0.90_rc4 | |
| xine | =1_beta8 | |
| DVD Player | =1.0_pre4 | |
| xine | =1_beta3 | |
| xine | =1_rc7 | |
| Mandrake Linux | =10.1 | |
| Mandrake Linux | =10.0 | |
| Mandrake Linux | =10.0 | |
| Mandrake Linux | =10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities
- http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff
- http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18638
Frequently Asked Questions
What is the severity of CVE-2004-1188?
CVE-2004-1188 has a moderate severity rating as it can lead to a buffer overflow, which can impact system stability and security.
How do I fix CVE-2004-1188?
To fix CVE-2004-1188, update to the latest version of xine or MPlayer, as they have released patches that address this vulnerability.
What software is affected by CVE-2004-1188?
CVE-2004-1188 affects several versions of xine and MPlayer, including xine versions before 1.0 and MPlayer versions before 1.0.
What are the potential consequences of CVE-2004-1188?
The potential consequences of CVE-2004-1188 include arbitrary code execution, data corruption, and denial of service due to a buffer overflow.
How can I detect if my system is vulnerable to CVE-2004-1188?
You can detect vulnerability to CVE-2004-1188 by checking the version of xine or MPlayer installed on your system and comparing it to the versioning data in the CVE description.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/xine
- product/xine
- canonical/xine xine
- vendor/mplayer
- product/mplayer
- canonical/mplayer mplayer
- product/xine-lib
- canonical/xine xine-lib
- vendor/mandrakesoft
- product/mandrake linux
- canonical/mandrakesoft mandrake linux
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- canonical/xine
- version/xine/1_rc6a
- version/xine/1_beta9
- canonical/dvd player
- version/dvd player/0.92
- version/xine/0.9.18
- version/xine/1_beta3
- version/xine/1_rc0a
- version/xine/1_beta7
- version/dvd player/1.0_pre2
- version/dvd player/0.90
- version/xine/1_rc7
- version/dvd player/1.0_pre1
- version/dvd player/0.90_rc
- version/xine/1_rc3
- version/xine/1_rc4
- version/dvd player/1.0_pre5try2
- version/xine/1_alpha
- version/xine/1_rc3b
- version/xine/1_beta4
- version/dvd player/head_cvs
- version/dvd player/0.92.1
- version/xine/0.9.8
- version/xine/1_rc5
- version/xine/1_beta2
- version/dvd player/1.0_pre3
- version/xine/1_rc3a
- version/xine/1_rc2
- version/xine/1_rc8
- version/xine/1_rc3c
- version/dvd player/0.92_cvs
- version/xine/1_beta10
- version/dvd player/1.0_pre5
- version/xine/1_beta12
- version/dvd player/0.91
- version/xine/1_beta11
- version/xine/1_beta8
- version/xine/0.9.13
- version/xine/1_rc1
- version/xine/1_rc0
- version/xine/1_beta5
- version/dvd player/1.0_pre5try1
- version/xine/1_beta6
- version/xine/0.99
- version/xine/1_beta1
- version/xine/1_rc6
- version/dvd player/1.0_pre3try2
- version/dvd player/0.90_pre
- version/dvd player/0.90_rc4
- version/dvd player/1.0_pre4
- canonical/mandrake linux
- version/mandrake linux/10.1
- version/mandrake linux/10.0