PT-2004-2135 · Mplayer+1 · Mplayer+1
Published
2004-12-22
·
Updated
2017-07-11
·
CVE-2004-1187
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
xine version 0.99.2
MPlayer versions (affected versions not specified)
Description:
A heap-based buffer overflow issue exists in the
pnm get chunk function, allowing remote attackers to execute arbitrary code via long PNA TAG values.Recommendations:
For xine version 0.99.2, update to a version that fixes the
pnm get chunk function issue.
For MPlayer, restrict access to the pnm get chunk function until a patch is available.
Avoid using long PNA TAG values in the affected API endpoint until the issue is resolved.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mplayer
Xine