Vulnerability Details CVE-2004-1475
Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.055
EPSS Ranking 89.6%
CVSS Severity
CVSS v2 Score 5.1
References
- http://security.gentoo.org/glsa/glsa-200408-18.xml
- http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml
- http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0
- http://www.securityfocus.com/bid/11206
- http://xinehq.de/index.php/security/XSA-2004-4
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17430
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17432
- http://security.gentoo.org/glsa/glsa-200408-18.xml
- http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml
- http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0
- http://www.securityfocus.com/bid/11206
- http://xinehq.de/index.php/security/XSA-2004-4
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17430
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17432
Products affected by CVE-2004-1475
-
cpe:2.3:a:xine:xine-lib:0.99
-
cpe:2.3:a:xine:xine-lib:1_rc2
-
cpe:2.3:a:xine:xine-lib:1_rc3
-
cpe:2.3:a:xine:xine-lib:1_rc4
-
cpe:2.3:a:xine:xine-lib:1_rc5
-
cpe:2.3:a:xine:xine:0.9.18
-
cpe:2.3:a:xine:xine:1_rc2
-
cpe:2.3:a:xine:xine:1_rc3
-
cpe:2.3:a:xine:xine:1_rc4
-
cpe:2.3:a:xine:xine:1_rc5