ID CVE-2004-1476
Summary Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
References
Vulnerable Configurations
  • cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*
    cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*
  • cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*
    cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*
  • cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*
    cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*
  • cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*
    cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*
  • cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*
    cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*
  • cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*
    cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*
  • cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*
    cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*
  • cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*
    cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.2:*:personal:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.2:*:personal:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:personal:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:personal:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.1:*:personal:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.1:*:personal:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*
CVSS
Base: 5.1 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 11206
bugtraq 20040907 XSA-2004-4: multiple string overflows
confirm http://xinehq.de/index.php/security/XSA-2004-4
gentoo GLSA-200409-30
xf xine-videocd-disk-bo(17431)
Last major update 11-07-2017 - 01:31
Published 31-12-2004 - 05:00
Last modified 11-07-2017 - 01:31
Back to Top