CVE-2004-1188
iDEFENSE Security Advisory 2004-12-21.1
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
Remote exploitation of a buffer overflow in version 0.99.2 of xine could allow execution of arbitrary code. The vulnerability specifically exists in the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG and CONT_TAG handling code of the pnm_get_chunk() function. These tags are all handled by the same code. The code does not perform correct checking on the chunk size before reading data in. If the size given is less than the PREAMBLE_SIZE, a negative length read is made into a fixed length buffer. Because the read length parameter is an unsigned value, the negative length is interpreted as a very large length, allowing a buffer overflow to occur.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-12-13 CVE Reserved
- 2004-12-22 CVE Published
- 2024-08-08 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21 | X_refsource_confirm | |
| http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18638 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities | 2017-07-11 |
| URL | Date | SRC |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 | 2017-07-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 0.90 Search vendor "Mplayer" for product "Mplayer" and version "0.90" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 0.90_pre Search vendor "Mplayer" for product "Mplayer" and version "0.90_pre" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 0.90_rc Search vendor "Mplayer" for product "Mplayer" and version "0.90_rc" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 0.90_rc4 Search vendor "Mplayer" for product "Mplayer" and version "0.90_rc4" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 0.91 Search vendor "Mplayer" for product "Mplayer" and version "0.91" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 0.92 Search vendor "Mplayer" for product "Mplayer" and version "0.92" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 0.92.1 Search vendor "Mplayer" for product "Mplayer" and version "0.92.1" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 0.92_cvs Search vendor "Mplayer" for product "Mplayer" and version "0.92_cvs" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 1.0_pre1 Search vendor "Mplayer" for product "Mplayer" and version "1.0_pre1" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 1.0_pre2 Search vendor "Mplayer" for product "Mplayer" and version "1.0_pre2" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 1.0_pre3 Search vendor "Mplayer" for product "Mplayer" and version "1.0_pre3" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 1.0_pre3try2 Search vendor "Mplayer" for product "Mplayer" and version "1.0_pre3try2" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 1.0_pre4 Search vendor "Mplayer" for product "Mplayer" and version "1.0_pre4" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 1.0_pre5 Search vendor "Mplayer" for product "Mplayer" and version "1.0_pre5" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 1.0_pre5try1 Search vendor "Mplayer" for product "Mplayer" and version "1.0_pre5try1" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | 1.0_pre5try2 Search vendor "Mplayer" for product "Mplayer" and version "1.0_pre5try2" | - |
Affected
| ||||||
| Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | head_cvs Search vendor "Mplayer" for product "Mplayer" and version "head_cvs" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 0.9.8 Search vendor "Xine" for product "Xine" and version "0.9.8" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 0.9.13 Search vendor "Xine" for product "Xine" and version "0.9.13" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 0.9.18 Search vendor "Xine" for product "Xine" and version "0.9.18" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_alpha Search vendor "Xine" for product "Xine" and version "1_alpha" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_beta1 Search vendor "Xine" for product "Xine" and version "1_beta1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_beta2 Search vendor "Xine" for product "Xine" and version "1_beta2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_beta3 Search vendor "Xine" for product "Xine" and version "1_beta3" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_beta4 Search vendor "Xine" for product "Xine" and version "1_beta4" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_beta5 Search vendor "Xine" for product "Xine" and version "1_beta5" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_beta6 Search vendor "Xine" for product "Xine" and version "1_beta6" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_beta7 Search vendor "Xine" for product "Xine" and version "1_beta7" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_beta8 Search vendor "Xine" for product "Xine" and version "1_beta8" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_beta9 Search vendor "Xine" for product "Xine" and version "1_beta9" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_beta10 Search vendor "Xine" for product "Xine" and version "1_beta10" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_beta11 Search vendor "Xine" for product "Xine" and version "1_beta11" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_beta12 Search vendor "Xine" for product "Xine" and version "1_beta12" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc0 Search vendor "Xine" for product "Xine" and version "1_rc0" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc0a Search vendor "Xine" for product "Xine" and version "1_rc0a" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc1 Search vendor "Xine" for product "Xine" and version "1_rc1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc2 Search vendor "Xine" for product "Xine" and version "1_rc2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc3 Search vendor "Xine" for product "Xine" and version "1_rc3" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc3a Search vendor "Xine" for product "Xine" and version "1_rc3a" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc3b Search vendor "Xine" for product "Xine" and version "1_rc3b" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc4 Search vendor "Xine" for product "Xine" and version "1_rc4" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc5 Search vendor "Xine" for product "Xine" and version "1_rc5" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc6 Search vendor "Xine" for product "Xine" and version "1_rc6" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc6a Search vendor "Xine" for product "Xine" and version "1_rc6a" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc7 Search vendor "Xine" for product "Xine" and version "1_rc7" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine Search vendor "Xine" for product "Xine" | 1_rc8 Search vendor "Xine" for product "Xine" and version "1_rc8" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 0.9.8 Search vendor "Xine" for product "Xine-lib" and version "0.9.8" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 0.9.13 Search vendor "Xine" for product "Xine-lib" and version "0.9.13" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 0.99 Search vendor "Xine" for product "Xine-lib" and version "0.99" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_alpha Search vendor "Xine" for product "Xine-lib" and version "1_alpha" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta1 Search vendor "Xine" for product "Xine-lib" and version "1_beta1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta2 Search vendor "Xine" for product "Xine-lib" and version "1_beta2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta3 Search vendor "Xine" for product "Xine-lib" and version "1_beta3" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta4 Search vendor "Xine" for product "Xine-lib" and version "1_beta4" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta5 Search vendor "Xine" for product "Xine-lib" and version "1_beta5" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta6 Search vendor "Xine" for product "Xine-lib" and version "1_beta6" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta7 Search vendor "Xine" for product "Xine-lib" and version "1_beta7" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta8 Search vendor "Xine" for product "Xine-lib" and version "1_beta8" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta9 Search vendor "Xine" for product "Xine-lib" and version "1_beta9" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta10 Search vendor "Xine" for product "Xine-lib" and version "1_beta10" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta11 Search vendor "Xine" for product "Xine-lib" and version "1_beta11" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_beta12 Search vendor "Xine" for product "Xine-lib" and version "1_beta12" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_rc0 Search vendor "Xine" for product "Xine-lib" and version "1_rc0" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_rc1 Search vendor "Xine" for product "Xine-lib" and version "1_rc1" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_rc2 Search vendor "Xine" for product "Xine-lib" and version "1_rc2" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_rc3 Search vendor "Xine" for product "Xine-lib" and version "1_rc3" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_rc3a Search vendor "Xine" for product "Xine-lib" and version "1_rc3a" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_rc3b Search vendor "Xine" for product "Xine-lib" and version "1_rc3b" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_rc3c Search vendor "Xine" for product "Xine-lib" and version "1_rc3c" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_rc4 Search vendor "Xine" for product "Xine-lib" and version "1_rc4" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_rc5 Search vendor "Xine" for product "Xine-lib" and version "1_rc5" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_rc6 Search vendor "Xine" for product "Xine-lib" and version "1_rc6" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_rc6a Search vendor "Xine" for product "Xine-lib" and version "1_rc6a" | - |
Affected
| ||||||
| Xine Search vendor "Xine" | Xine-lib Search vendor "Xine" for product "Xine-lib" | 1_rc7 Search vendor "Xine" for product "Xine-lib" and version "1_rc7" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 10.0 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "10.0" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 10.0 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "10.0" | amd64 |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 10.1 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "10.1" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 10.1 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "10.1" | x86_64 |
Affected
| ||||||