CyberSec.Space Logo
返回 CVE 浏览器

CVE-2004-1188

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0410%
EPSS Percentile7.34th
Published2005年1月10日
Last Modified2026年4月16日

Vulnerability Description

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

Affected Platforms (CPE)

📦
Mplayer

Mplayer

= 0.90
📦
Mplayer

Mplayer

= 0.90_pre
📦
Mplayer

Mplayer

= 0.90_rc
📦
Mplayer

Mplayer

= 0.90_rc4
📦
Mplayer

Mplayer

= 0.91
📦
Mplayer

Mplayer

= 0.92
📦
Mplayer

Mplayer

= 0.92.1
📦
Mplayer

Mplayer

= 0.92_cvs
📦
Mplayer

Mplayer

= 1.0_pre1
📦
Mplayer

Mplayer

= 1.0_pre2
📦
Mplayer

Mplayer

= 1.0_pre3
📦
Mplayer

Mplayer

= 1.0_pre3try2
📦
Mplayer

Mplayer

= 1.0_pre4
📦
Mplayer

Mplayer

= 1.0_pre5
📦
Mplayer

Mplayer

= 1.0_pre5try1
📦
Mplayer

Mplayer

= 1.0_pre5try2
📦
Mplayer

Mplayer

= head_cvs
📦
Xine

Xine

= 0.9.8
📦
Xine

Xine

= 0.9.13
📦
Xine

Xine

= 0.9.18
📦
Xine

Xine

= 1_alpha
📦
Xine

Xine

= 1_beta1
📦
Xine

Xine

= 1_beta2
📦
Xine

Xine

= 1_beta3
📦
Xine

Xine

= 1_beta4
📦
Xine

Xine

= 1_beta5
📦
Xine

Xine

= 1_beta6
📦
Xine

Xine

= 1_beta7
📦
Xine

Xine

= 1_beta8
📦
Xine

Xine

= 1_beta9
📦
Xine

Xine

= 1_beta10
📦
Xine

Xine

= 1_beta11
📦
Xine

Xine

= 1_beta12
📦
Xine

Xine

= 1_rc0
📦
Xine

Xine

= 1_rc0a
📦
Xine

Xine

= 1_rc1
📦
Xine

Xine

= 1_rc2
📦
Xine

Xine

= 1_rc3
📦
Xine

Xine

= 1_rc3a
📦
Xine

Xine

= 1_rc3b
📦
Xine

Xine

= 1_rc4
📦
Xine

Xine

= 1_rc5
📦
Xine

Xine

= 1_rc6
📦
Xine

Xine

= 1_rc6a
📦
Xine

Xine

= 1_rc7
📦
Xine

Xine

= 1_rc8
📦
Xine

Xine Lib

= 0.9.8
📦
Xine

Xine Lib

= 0.9.13
📦
Xine

Xine Lib

= 0.99
📦
Xine

Xine Lib

= 1_alpha
📦
Xine

Xine Lib

= 1_beta1
📦
Xine

Xine Lib

= 1_beta2
📦
Xine

Xine Lib

= 1_beta3
📦
Xine

Xine Lib

= 1_beta4
📦
Xine

Xine Lib

= 1_beta5
📦
Xine

Xine Lib

= 1_beta6
📦
Xine

Xine Lib

= 1_beta7
📦
Xine

Xine Lib

= 1_beta8
📦
Xine

Xine Lib

= 1_beta9
📦
Xine

Xine Lib

= 1_beta10
📦
Xine

Xine Lib

= 1_beta11
📦
Xine

Xine Lib

= 1_beta12
📦
Xine

Xine Lib

= 1_rc0
📦
Xine

Xine Lib

= 1_rc1
📦
Xine

Xine Lib

= 1_rc2
📦
Xine

Xine Lib

= 1_rc3
📦
Xine

Xine Lib

= 1_rc3a
📦
Xine

Xine Lib

= 1_rc3b
📦
Xine

Xine Lib

= 1_rc3c
📦
Xine

Xine Lib

= 1_rc4
📦
Xine

Xine Lib

= 1_rc5
📦
Xine

Xine Lib

= 1_rc6
📦
Xine

Xine Lib

= 1_rc6a
📦
Xine

Xine Lib

= 1_rc7
💻
Mandrakesoft

Mandrake Linux

= 10.0
💻
Mandrakesoft

Mandrake Linux

= 10.0
💻
Mandrakesoft

Mandrake Linux

= 10.1
💻
Mandrakesoft

Mandrake Linux

= 10.1

References & Advisories

🔗 http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21
🔗 http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities
🔗 http://www.mandriva.com/security/advisories?name=MDKSA-2005:011
🔗 http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18638
🔗 http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21
🔗 http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities
🔗 http://www.mandriva.com/security/advisories?name=MDKSA-2005:011

相关漏洞威胁

CVE-2004-038610.0

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary co...

CVE-2004-065910.0

Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long ...

CVE-2004-043310.0

Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-...

CVE-2004-118710.0

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same cod...