Oval Definition:	oval:org.opensuse.security:def:20041188
Revision Date: 2015-11-16 Version: 1 Title: CVE-2004-1188 Description: The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187. Family: unix Class: vulnerability Status: Reference(s): CVE-2004-1188 Platform(s): Novell Linux Desktop 9 for x86 SLES SDK 9 for IBM iSeries and IBM pSeries SLES SDK 9 for IBM S/390 and IBM zSeries SLES SDK 9 for IBM zSeries SLES SDK 9 for IPF SLES SDK 9 for x86 SLES SDK 9 for X86-64 Product(s): Definition Synopsis Release Information sles9-nld is installed AND xine-lib less than 0.99.rc3a-106.18 OR Package Information sles9-sdk is installed AND xine-lib-32bit less than 9-200501181411 OR xine-lib-32bit less than 9-200501181442 OR xine-lib-64bit less than 9-200501181403 OR xine-lib-x86 less than 9-200501181410 OR xine-lib less than 0.99.rc3a-106.18
BACK