Vulnerability Name:

CVE-2004-1187 (CCN-18640)

Assigned:2004-12-21
Published:2004-12-21
Updated:2017-07-11
Summary:Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-1187

Source: CONFIRM
Type: UNKNOWN
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21

Source: CCN
Type: GLSA-200501-07
xine-lib: Multiple overflows

Source: CCN
Type: iDEFENSE Security Advisory 12.21.04
Multiple Vendor Xine 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability

Source: IDEFENSE
Type: Patch, Vendor Advisory
20041221 Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:011

Source: CCN
Type: MPlayer Download Web page
Mplayer - The Movie Player for Linux

Source: CONFIRM
Type: UNKNOWN
http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff

Source: CCN
Type: OSVDB ID: 12662
xine pnm_get_chunk() Function Multiple Tag Overflow

Source: CCN
Type: BID-11987
MPlayer And Xine-Lib Multiple Remote Client-Side Buffer Overflow Vulnerabilities

Source: CCN
Type: BID-12076
MPlayer And Xine PNM_Get_Chunk Multiple Remote Client-Side Buffer Overflow Vulnerabilities

Source: CCN
Type: TLSA-2005-27
Buffer overflow vulnerabilities exist in xine-lib

Source: CCN
Type: xine Web site
xine - A Free Video Player

Source: XF
Type: UNKNOWN
xine-pnatag-bo(18640)

Source: XF
Type: UNKNOWN
xine-pnatag-bo(18640)

Source: SUSE
Type: SUSE-SR:2005:002
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mplayer:mplayer:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.91:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:head_cvs:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:0.9.13:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:0.9.18:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta1:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta2:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta3:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta4:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta5:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta6:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta7:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta8:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta9:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta10:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta11:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta12:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc0:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc0a:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc3a:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc3b:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc6:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc6a:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc7:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc8:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:0.99:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc0:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc6:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc6a:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc7:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20041187
    V
    		CVE-2004-1187
    2015-11-16
    BACK
    mplayer mplayer 0.90
    mplayer mplayer 0.90_pre
    mplayer mplayer 0.90_rc
    mplayer mplayer 0.90_rc4
    mplayer mplayer 0.91
    mplayer mplayer 0.92
    mplayer mplayer 0.92.1
    mplayer mplayer 0.92_cvs
    mplayer mplayer 1.0_pre1
    mplayer mplayer 1.0_pre2
    mplayer mplayer 1.0_pre3
    mplayer mplayer 1.0_pre3try2
    mplayer mplayer 1.0_pre4
    mplayer mplayer 1.0_pre5
    mplayer mplayer 1.0_pre5try1
    mplayer mplayer 1.0_pre5try2
    mplayer mplayer head_cvs
    xine xine 0.9.8
    xine xine 0.9.13
    xine xine 0.9.18
    xine xine 1_alpha
    xine xine 1_beta1
    xine xine 1_beta2
    xine xine 1_beta3
    xine xine 1_beta4
    xine xine 1_beta5
    xine xine 1_beta6
    xine xine 1_beta7
    xine xine 1_beta8
    xine xine 1_beta9
    xine xine 1_beta10
    xine xine 1_beta11
    xine xine 1_beta12
    xine xine 1_rc0
    xine xine 1_rc0a
    xine xine 1_rc1
    xine xine 1_rc2
    xine xine 1_rc3
    xine xine 1_rc3a
    xine xine 1_rc3b
    xine xine 1_rc4
    xine xine 1_rc5
    xine xine 1_rc6
    xine xine 1_rc6a
    xine xine 1_rc7
    xine xine 1_rc8
    xine xine-lib 0.9.8
    xine xine-lib 0.9.13
    xine xine-lib 0.99
    xine xine-lib 1_alpha
    xine xine-lib 1_beta1
    xine xine-lib 1_beta2
    xine xine-lib 1_beta3
    xine xine-lib 1_beta4
    xine xine-lib 1_beta5
    xine xine-lib 1_beta6
    xine xine-lib 1_beta7
    xine xine-lib 1_beta8
    xine xine-lib 1_beta9
    xine xine-lib 1_beta10
    xine xine-lib 1_beta11
    xine xine-lib 1_beta12
    xine xine-lib 1_rc0
    xine xine-lib 1_rc1
    xine xine-lib 1_rc2
    xine xine-lib 1_rc3
    xine xine-lib 1_rc3a
    xine xine-lib 1_rc3b
    xine xine-lib 1_rc3c
    xine xine-lib 1_rc4
    xine xine-lib 1_rc5
    xine xine-lib 1_rc6
    xine xine-lib 1_rc6a
    xine xine-lib 1_rc7
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 10.1