CVE-2004-1188 in xine-libinfo

Summary

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

12/13/2004

Disclosure

01/10/2005

Moderation

VulDB entry created

Entries

VDB-23735 (1)

CPE

ready

CWE

CWE-119 (Confirmed)

CVSS

10.0

EPSS

0.00495

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-1188
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1188
CVE Details	https://www.cvedetails.com/cve/CVE-2004-1188/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!