CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1188

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0410%
EPSS Percentile7.34th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

Affected Platforms (CPE)

πŸ“¦
Mplayer

Mplayer

= 0.90
πŸ“¦
Mplayer

Mplayer

= 0.90_pre
πŸ“¦
Mplayer

Mplayer

= 0.90_rc
πŸ“¦
Mplayer

Mplayer

= 0.90_rc4
πŸ“¦
Mplayer

Mplayer

= 0.91
πŸ“¦
Mplayer

Mplayer

= 0.92
πŸ“¦
Mplayer

Mplayer

= 0.92.1
πŸ“¦
Mplayer

Mplayer

= 0.92_cvs
πŸ“¦
Mplayer

Mplayer

= 1.0_pre1
πŸ“¦
Mplayer

Mplayer

= 1.0_pre2
πŸ“¦
Mplayer

Mplayer

= 1.0_pre3
πŸ“¦
Mplayer

Mplayer

= 1.0_pre3try2
πŸ“¦
Mplayer

Mplayer

= 1.0_pre4
πŸ“¦
Mplayer

Mplayer

= 1.0_pre5
πŸ“¦
Mplayer

Mplayer

= 1.0_pre5try1
πŸ“¦
Mplayer

Mplayer

= 1.0_pre5try2
πŸ“¦
Mplayer

Mplayer

= head_cvs
πŸ“¦
Xine

Xine

= 0.9.8
πŸ“¦
Xine

Xine

= 0.9.13
πŸ“¦
Xine

Xine

= 0.9.18
πŸ“¦
Xine

Xine

= 1_alpha
πŸ“¦
Xine

Xine

= 1_beta1
πŸ“¦
Xine

Xine

= 1_beta2
πŸ“¦
Xine

Xine

= 1_beta3
πŸ“¦
Xine

Xine

= 1_beta4
πŸ“¦
Xine

Xine

= 1_beta5
πŸ“¦
Xine

Xine

= 1_beta6
πŸ“¦
Xine

Xine

= 1_beta7
πŸ“¦
Xine

Xine

= 1_beta8
πŸ“¦
Xine

Xine

= 1_beta9
πŸ“¦
Xine

Xine

= 1_beta10
πŸ“¦
Xine

Xine

= 1_beta11
πŸ“¦
Xine

Xine

= 1_beta12
πŸ“¦
Xine

Xine

= 1_rc0
πŸ“¦
Xine

Xine

= 1_rc0a
πŸ“¦
Xine

Xine

= 1_rc1
πŸ“¦
Xine

Xine

= 1_rc2
πŸ“¦
Xine

Xine

= 1_rc3
πŸ“¦
Xine

Xine

= 1_rc3a
πŸ“¦
Xine

Xine

= 1_rc3b
πŸ“¦
Xine

Xine

= 1_rc4
πŸ“¦
Xine

Xine

= 1_rc5
πŸ“¦
Xine

Xine

= 1_rc6
πŸ“¦
Xine

Xine

= 1_rc6a
πŸ“¦
Xine

Xine

= 1_rc7
πŸ“¦
Xine

Xine

= 1_rc8
πŸ“¦
Xine

Xine Lib

= 0.9.8
πŸ“¦
Xine

Xine Lib

= 0.9.13
πŸ“¦
Xine

Xine Lib

= 0.99
πŸ“¦
Xine

Xine Lib

= 1_alpha
πŸ“¦
Xine

Xine Lib

= 1_beta1
πŸ“¦
Xine

Xine Lib

= 1_beta2
πŸ“¦
Xine

Xine Lib

= 1_beta3
πŸ“¦
Xine

Xine Lib

= 1_beta4
πŸ“¦
Xine

Xine Lib

= 1_beta5
πŸ“¦
Xine

Xine Lib

= 1_beta6
πŸ“¦
Xine

Xine Lib

= 1_beta7
πŸ“¦
Xine

Xine Lib

= 1_beta8
πŸ“¦
Xine

Xine Lib

= 1_beta9
πŸ“¦
Xine

Xine Lib

= 1_beta10
πŸ“¦
Xine

Xine Lib

= 1_beta11
πŸ“¦
Xine

Xine Lib

= 1_beta12
πŸ“¦
Xine

Xine Lib

= 1_rc0
πŸ“¦
Xine

Xine Lib

= 1_rc1
πŸ“¦
Xine

Xine Lib

= 1_rc2
πŸ“¦
Xine

Xine Lib

= 1_rc3
πŸ“¦
Xine

Xine Lib

= 1_rc3a
πŸ“¦
Xine

Xine Lib

= 1_rc3b
πŸ“¦
Xine

Xine Lib

= 1_rc3c
πŸ“¦
Xine

Xine Lib

= 1_rc4
πŸ“¦
Xine

Xine Lib

= 1_rc5
πŸ“¦
Xine

Xine Lib

= 1_rc6
πŸ“¦
Xine

Xine Lib

= 1_rc6a
πŸ“¦
Xine

Xine Lib

= 1_rc7
πŸ’»
Mandrakesoft

Mandrake Linux

= 10.0
πŸ’»
Mandrakesoft

Mandrake Linux

= 10.0
πŸ’»
Mandrakesoft

Mandrake Linux

= 10.1
πŸ’»
Mandrakesoft

Mandrake Linux

= 10.1

References & Advisories

πŸ”— http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21
πŸ”— http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities
πŸ”— http://www.mandriva.com/security/advisories?name=MDKSA-2005:011
πŸ”— http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18638
πŸ”— http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21
πŸ”— http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities
πŸ”— http://www.mandriva.com/security/advisories?name=MDKSA-2005:011

Related Vulnerabilities

CVE-2004-038610.0

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary co...

CVE-2004-065910.0

Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long ...

CVE-2004-043310.0

Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-...

CVE-2004-118710.0

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same cod...