QwikSec

Security Database

CVE

CWE

Training

CVE-2004-1188

Published: Dec 22, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRAKE

20041221 Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability

third-party-advisory

x_refsource_IDEFENSE

http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21

x_refsource_CONFIRM

xine-pnmgetchunk-bo(18638)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.