PT-2004-2135 · Mplayer+1 · Mplayer+1
Publicado
2004-12-22
·
Atualizado
2017-07-11
·
CVE-2004-1187
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
xine version 0.99.2
MPlayer versions (affected versions not specified)
Description:
A heap-based buffer overflow issue exists in the
pnm get chunk function, allowing remote attackers to execute arbitrary code via long PNA TAG values.Recommendations:
For xine version 0.99.2, update to a version that fixes the
pnm get chunk function issue.
For MPlayer, restrict access to the pnm get chunk function until a patch is available.
Avoid using long PNA TAG values in the affected API endpoint until the issue is resolved.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Mplayer
Xine