Vulnerability Name:

CVE-2004-1188 (CCN-18638)

Assigned:2004-12-21
Published:2004-12-21
Updated:2017-07-11
Summary:The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-1188

Source: CONFIRM
Type: UNKNOWN
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21

Source: CCN
Type: GLSA-200501-07
xine-lib: Multiple overflows

Source: CCN
Type: iDEFENSE Security Advisory 12.21.04
Multiple Vendor Xine 0.99.2 PNM Handler Negative Read Length Overflow Vulnerability

Source: IDEFENSE
Type: Patch, Vendor Advisory
20041221 Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:011

Source: CCN
Type: MPlayer Download Web page
Mplayer - The Movie Player for Linux

Source: CONFIRM
Type: UNKNOWN
http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff

Source: CCN
Type: OSVDB ID: 12661
xine PNM Handler PNA_TAG Overflow

Source: CCN
Type: BID-12076
MPlayer And Xine PNM_Get_Chunk Multiple Remote Client-Side Buffer Overflow Vulnerabilities

Source: CCN
Type: TLSA-2005-27
Buffer overflow vulnerabilities exist in xine-lib

Source: CCN
Type: xine Download Web page
xine

Source: XF
Type: UNKNOWN
xine-pnmgetchunk-bo(18638)

Source: XF
Type: UNKNOWN
xine-pnmgetchunk-bo(18638)

Source: SUSE
Type: SUSE-SR:2005:002
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mplayer:mplayer:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.91:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:head_cvs:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:0.9.13:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:0.9.18:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta1:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta2:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta3:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta4:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta5:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta6:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta7:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta8:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta9:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta10:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta11:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_beta12:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc0:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc0a:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc3a:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc3b:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc6:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc6a:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc7:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine:1_rc8:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:0.99:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc0:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc6:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc6a:*:*:*:*:*:*:*
  • OR cpe:/a:xine:xine-lib:1_rc7:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20041188
    V
    		CVE-2004-1188
    2015-11-16
    BACK
    mplayer mplayer 0.90
    mplayer mplayer 0.90_pre
    mplayer mplayer 0.90_rc
    mplayer mplayer 0.90_rc4
    mplayer mplayer 0.91
    mplayer mplayer 0.92
    mplayer mplayer 0.92.1
    mplayer mplayer 0.92_cvs
    mplayer mplayer 1.0_pre1
    mplayer mplayer 1.0_pre2
    mplayer mplayer 1.0_pre3
    mplayer mplayer 1.0_pre3try2
    mplayer mplayer 1.0_pre4
    mplayer mplayer 1.0_pre5
    mplayer mplayer 1.0_pre5try1
    mplayer mplayer 1.0_pre5try2
    mplayer mplayer head_cvs
    xine xine 0.9.8
    xine xine 0.9.13
    xine xine 0.9.18
    xine xine 1_alpha
    xine xine 1_beta1
    xine xine 1_beta2
    xine xine 1_beta3
    xine xine 1_beta4
    xine xine 1_beta5
    xine xine 1_beta6
    xine xine 1_beta7
    xine xine 1_beta8
    xine xine 1_beta9
    xine xine 1_beta10
    xine xine 1_beta11
    xine xine 1_beta12
    xine xine 1_rc0
    xine xine 1_rc0a
    xine xine 1_rc1
    xine xine 1_rc2
    xine xine 1_rc3
    xine xine 1_rc3a
    xine xine 1_rc3b
    xine xine 1_rc4
    xine xine 1_rc5
    xine xine 1_rc6
    xine xine 1_rc6a
    xine xine 1_rc7
    xine xine 1_rc8
    xine xine-lib 0.9.8
    xine xine-lib 0.9.13
    xine xine-lib 0.99
    xine xine-lib 1_alpha
    xine xine-lib 1_beta1
    xine xine-lib 1_beta2
    xine xine-lib 1_beta3
    xine xine-lib 1_beta4
    xine xine-lib 1_beta5
    xine xine-lib 1_beta6
    xine xine-lib 1_beta7
    xine xine-lib 1_beta8
    xine xine-lib 1_beta9
    xine xine-lib 1_beta10
    xine xine-lib 1_beta11
    xine xine-lib 1_beta12
    xine xine-lib 1_rc0
    xine xine-lib 1_rc1
    xine xine-lib 1_rc2
    xine xine-lib 1_rc3
    xine xine-lib 1_rc3a
    xine xine-lib 1_rc3b
    xine xine-lib 1_rc3c
    xine xine-lib 1_rc4
    xine xine-lib 1_rc5
    xine xine-lib 1_rc6
    xine xine-lib 1_rc6a
    xine xine-lib 1_rc7
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 10.1