CVE-2004-1188: Buffer Overflow

First published: Wed Dec 22 2004(Updated: )

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
xine xine	=1_rc6a
xine xine	=1_beta9
Mplayer Mplayer	=0.92
xine xine	=0.9.18
xine xine	=1_beta3
xine xine	=1_rc0a
xine xine-lib	=1_beta7
Mplayer Mplayer	=1.0_pre2
Mplayer Mplayer	=0.90
xine xine	=1_rc7
Mplayer Mplayer	=1.0_pre1
Mplayer Mplayer	=0.90_rc
xine xine-lib	=1_rc3
xine xine	=1_rc4
xine xine-lib	=1_beta9
Mplayer Mplayer	=1.0_pre5try2
xine xine	=1_alpha
xine xine-lib	=1_rc3b
xine xine-lib	=1_alpha
xine xine	=1_beta4
Mplayer Mplayer	=head_cvs
Mplayer Mplayer	=0.92.1
xine xine-lib	=0.9.8
xine xine-lib	=1_beta4
xine xine-lib	=1_rc5
xine xine	=1_rc3b
xine xine	=1_beta2
xine xine	=0.9.8
Mplayer Mplayer	=1.0_pre3
xine xine	=1_rc3a
xine xine-lib	=1_rc6a
xine xine	=1_rc2
xine xine	=1_rc8
xine xine-lib	=1_rc3c
Mplayer Mplayer	=0.92_cvs
xine xine	=1_beta10
Mplayer Mplayer	=1.0_pre5
xine xine	=1_beta12
Mplayer Mplayer	=0.91
xine xine	=1_beta11
xine xine	=1_beta7
xine xine	=1_beta8
xine xine	=0.9.13
xine xine	=1_rc1
xine xine-lib	=1_rc2
xine xine	=1_rc5
xine xine-lib	=1_beta2
xine xine-lib	=1_rc0
xine xine-lib	=1_beta5
xine xine-lib	=1_beta11
Mplayer Mplayer	=1.0_pre5try1
xine xine	=1_beta6
xine xine-lib	=0.99
xine xine	=1_beta1
xine xine-lib	=0.9.13
xine xine-lib	=1_rc6
Mplayer Mplayer	=1.0_pre3try2
xine xine	=1_rc6
xine xine-lib	=1_beta6
xine xine	=1_rc3
xine xine-lib	=1_rc1
xine xine-lib	=1_rc3a
xine xine-lib	=1_beta1
xine xine	=1_rc0
xine xine-lib	=1_beta12
xine xine-lib	=1_rc4
Mplayer Mplayer	=0.90_pre
xine xine	=1_beta5
xine xine-lib	=1_beta10
Mplayer Mplayer	=0.90_rc4
xine xine-lib	=1_beta8
Mplayer Mplayer	=1.0_pre4
xine xine-lib	=1_beta3
xine xine-lib	=1_rc7
Mandrakesoft Mandrake Linux	=10.1
Mandrakesoft Mandrake Linux	=10.0
Mandrakesoft Mandrake Linux	=10.0
Mandrakesoft Mandrake Linux	=10.1

Remedy

http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
vendor/xine
product/xine
canonical/xine xine
vendor/mplayer
product/mplayer
canonical/mplayer mplayer
product/xine-lib
canonical/xine xine-lib
vendor/mandrakesoft
product/mandrake linux
canonical/mandrakesoft mandrake linux
collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/event
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
version/xine xine/1_rc6a
version/xine xine/1_beta9
version/mplayer mplayer/0.92
version/xine xine/0.9.18
version/xine xine/1_beta3
version/xine xine/1_rc0a
version/xine xine-lib/1_beta7
version/mplayer mplayer/1.0_pre2
version/mplayer mplayer/0.90
version/xine xine/1_rc7
version/mplayer mplayer/1.0_pre1
version/mplayer mplayer/0.90_rc
version/xine xine-lib/1_rc3
version/xine xine/1_rc4
version/xine xine-lib/1_beta9
version/mplayer mplayer/1.0_pre5try2
version/xine xine/1_alpha
version/xine xine-lib/1_rc3b
version/xine xine-lib/1_alpha
version/xine xine/1_beta4
version/mplayer mplayer/head_cvs
version/mplayer mplayer/0.92.1
version/xine xine-lib/0.9.8
version/xine xine-lib/1_beta4
version/xine xine-lib/1_rc5
version/xine xine/1_rc3b
version/xine xine/1_beta2
version/xine xine/0.9.8
version/mplayer mplayer/1.0_pre3
version/xine xine/1_rc3a
version/xine xine-lib/1_rc6a
version/xine xine/1_rc2
version/xine xine/1_rc8
version/xine xine-lib/1_rc3c
version/mplayer mplayer/0.92_cvs
version/xine xine/1_beta10
version/mplayer mplayer/1.0_pre5
version/xine xine/1_beta12
version/mplayer mplayer/0.91
version/xine xine/1_beta11
version/xine xine/1_beta7
version/xine xine/1_beta8
version/xine xine/0.9.13
version/xine xine/1_rc1
version/xine xine-lib/1_rc2
version/xine xine/1_rc5
version/xine xine-lib/1_beta2
version/xine xine-lib/1_rc0
version/xine xine-lib/1_beta5
version/xine xine-lib/1_beta11
version/mplayer mplayer/1.0_pre5try1
version/xine xine/1_beta6
version/xine xine-lib/0.99
version/xine xine/1_beta1
version/xine xine-lib/0.9.13
version/xine xine-lib/1_rc6
version/mplayer mplayer/1.0_pre3try2
version/xine xine/1_rc6
version/xine xine-lib/1_beta6
version/xine xine/1_rc3
version/xine xine-lib/1_rc1
version/xine xine-lib/1_rc3a
version/xine xine-lib/1_beta1
version/xine xine/1_rc0
version/xine xine-lib/1_beta12
version/xine xine-lib/1_rc4
version/mplayer mplayer/0.90_pre
version/xine xine/1_beta5
version/xine xine-lib/1_beta10
version/mplayer mplayer/0.90_rc4
version/xine xine-lib/1_beta8
version/mplayer mplayer/1.0_pre4
version/xine xine-lib/1_beta3
version/xine xine-lib/1_rc7
version/mandrakesoft mandrake linux/10.1
version/mandrakesoft mandrake linux/10.0

CVE-2004-1188: Buffer Overflow

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact