Vulnerability Details CVE-2004-1476
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.0%
CVSS Severity
CVSS v2 Score 5.1
References
- http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml
- http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0
- http://www.securityfocus.com/bid/11206
- http://xinehq.de/index.php/security/XSA-2004-4
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17431
- http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml
- http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0
- http://www.securityfocus.com/bid/11206
- http://xinehq.de/index.php/security/XSA-2004-4
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17431
Products affected by CVE-2004-1476
-
cpe:2.3:a:xine:xine-lib:0.99
-
cpe:2.3:a:xine:xine-lib:1_rc2
-
cpe:2.3:a:xine:xine-lib:1_rc3
-
cpe:2.3:a:xine:xine-lib:1_rc4
-
cpe:2.3:a:xine:xine-lib:1_rc5
-
cpe:2.3:a:xine:xine:0.9.18
-
cpe:2.3:a:xine:xine:1_rc2
-
cpe:2.3:a:xine:xine:1_rc3
-
cpe:2.3:a:xine:xine:1_rc4
-
cpe:2.3:a:xine:xine:1_rc5
-
cpe:2.3:o:suse:suse_linux:8.0
-
cpe:2.3:o:suse:suse_linux:8.1
-
cpe:2.3:o:suse:suse_linux:8.2
-
cpe:2.3:o:suse:suse_linux:9.0
-
cpe:2.3:o:suse:suse_linux:9.1
-
cpe:2.3:o:suse:suse_linux:9.2