QwikSec

Security Database

CVE

CWE

Training

CVE-2004-1187

Published: Dec 22, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

xine-pnatag-bo(18640)

vdb-entry

x_refsource_XF

http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff

x_refsource_CONFIRM

20041221 Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability

third-party-advisory

x_refsource_IDEFENSE

vendor-advisory

x_refsource_MANDRAKE

http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.