ID CVE-2004-1300
Summary Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.
References
Vulnerable Configurations
  • cpe:2.3:a:xine:xine-lib:1_rc7
    cpe:2.3:a:xine:xine-lib:1_rc7
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Xine-Lib 0.9/1 Remote Client-Side Buffer Overflow Vulnerability. CVE-2004-1300. Remote exploit for linux platform
id EDB-ID:24978
last seen 2016-02-03
modified 2004-12-16
published 2004-12-16
reporter Ariel Berkman
source https://www.exploit-db.com/download/24978/
title Xine-Lib 0.9/1 - Remote Client-Side Buffer Overflow Vulnerability
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200501-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-200501-07 (xine-lib: Multiple overflows) Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size in demux_aiff.c, making it vulnerable to a buffer overflow (CAN-2004-1300) . iDefense discovered that the PNA_TAG handling code in pnm_get_chunk() does not check if the input size is larger than the buffer size (CAN-2004-1187). iDefense also discovered that in this same function, a negative value could be given to an unsigned variable that specifies the read length of input data (CAN-2004-1188). Impact : A remote attacker could craft a malicious movie or convince a targeted user to connect to a malicious PNM server, which could result in the execution of arbitrary code with the rights of the user running any xine-lib frontend. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 16398
    published 2005-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16398
    title GLSA-200501-07 : xine-lib: Multiple overflows
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-011.NASL
    description iDefense discovered that the PNA_TAG handling code in pnm_get_chunk() does not check if the input size is larger than the buffer size (CVE-2004-1187). As well, they discovered that in this same function, a negative value could be given to an unsigned variable that specifies the read length of input data (CVE-2004-1188). Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size making it vulnerable to a buffer overflow problem (CVE-2004-1300). The updated packages have been patched to prevent these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16220
    published 2005-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16220
    title Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:011)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_64C8CC2A59B111D98A99000C6E8F12EF.NASL
    description Due to a buffer overflow in the open_aiff_file function in demux_aiff.c, a remote attacker is able to execute arbitrary code via a modified AIFF file.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 18962
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18962
    title FreeBSD : libxine -- buffer-overflow vulnerability in aiff support (64c8cc2a-59b1-11d9-8a99-000c6e8f12ef)
refmap via4
mandrake MDKSA-2005:011
misc http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt
xf xine-openaifffile-bo(18611)
Last major update 10-09-2008 - 15:29
Published 10-01-2005 - 00:00
Last modified 10-07-2017 - 21:30
Back to Top