Vulnerability Name: | CVE-2004-1379 (CCN-17423) |
Assigned: | 2004-09-06 |
Published: | 2004-09-06 |
Updated: | 2017-07-11 |
Summary: | Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.
|
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): Low Integrity (I): Low Availibility (A): Low |
|
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial |
|
Vulnerability Type: | CWE-Other
|
Vulnerability Consequences: | Gain Access |
References: | Source: CCN Type: BugTraq Mailing List, Mon Sep 06 2004 - 14:38:29 CDT XSA-2004-5: heap overflow in DVD subpicture decoder
Source: MITRE Type: CNA CVE-2004-1379
Source: CCN Type: slackware-security Mailing List, Wed, 22 Sep 2004 13:39:28 -0700 (PDT) [slackware-security] xine-lib (SSA:2004-266-04)
Source: SLACKWARE Type: Patch SSA:2004-266
Source: DEBIAN Type: Patch, Vendor Advisory DSA-657
Source: DEBIAN Type: DSA-657 xine-lib -- buffer overflow
Source: CCN Type: GLSA-200409-30 xine-lib: Multiple vulnerabilities
Source: GENTOO Type: Patch GLSA-200409-30
Source: CCN Type: OSVDB ID: 10044 xine-lib DVD Subpicture Decoder Remote Overflow
Source: BUGTRAQ Type: UNKNOWN 20040906 XSA-2004-5: heap overflow in DVD subpicture decoder
Source: BID Type: Patch 11205
Source: CCN Type: BID-11205 Xine-lib DVD Subpicture Decoder Heap Overflow Vulnerability
Source: CONFIRM Type: UNKNOWN http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html
Source: CCN Type: xine Web site xine - A Free Video Player
Source: CCN Type: xine-Project Download Web page Download and install xine-lib
Source: CONFIRM Type: Patch, Vendor Advisory http://xinehq.de/index.php/security/XSA-2004-5
Source: XF Type: UNKNOWN xine-dvd-subpicture-bo(17423)
Source: XF Type: UNKNOWN xine-dvd-subpicture-bo(17423)
|
Vulnerable Configuration: | Configuration 1: cpe:/a:xine:xine:1_alpha:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_beta1:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_beta2:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_beta3:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_beta4:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_beta5:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_beta6:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_beta7:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_beta8:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_beta9:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_beta10:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_beta11:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_beta12:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_rc0:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_rc0a:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_rc1:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_rc2:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_rc3:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_rc3a:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_rc3b:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_rc4:*:*:*:*:*:*:*OR cpe:/a:xine:xine:1_rc5:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_rc0:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_rc1:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*OR cpe:/a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |