CVE-2004-1300 - Unspecified vulnerability in Xine Xine-Lib 1Rc7
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Xine-Lib 0.9/1 Remote Client-Side Buffer Overflow Vulnerability. CVE-2004-1300. Remote exploit for linux platform |
id | EDB-ID:24978 |
last seen | 2016-02-03 |
modified | 2004-12-16 |
published | 2004-12-16 |
reporter | Ariel Berkman |
source | https://www.exploit-db.com/download/24978/ |
title | Xine-Lib 0.9/1 - Remote Client-Side Buffer Overflow Vulnerability |
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_64C8CC2A59B111D98A99000C6E8F12EF.NASL |
description | Due to a buffer overflow in the open_aiff_file function in demux_aiff.c, a remote attacker is able to execute arbitrary code via a modified AIFF file. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18962 |
published | 2005-07-13 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/18962 |
title | FreeBSD : libxine -- buffer-overflow vulnerability in aiff support (64c8cc2a-59b1-11d9-8a99-000c6e8f12ef) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200501-07.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200501-07 (xine-lib: Multiple overflows). Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size in demux_aiff.c, making it vulnerable to a buffer overflow (CAN-2004-1300). iDefense discovered that the PNA_TAG handling code in pnm_get_chunk() does not check if the input size is larger than the buffer size (CAN-2004-1187). iDefense also discovered that in this same function, a negative value could be given to an unsigned variable that specifies the read length of input data (CAN-2004-1188). Impact: A remote attacker could craft a malicious movie or convince a targeted user to connect to a malicious PNM server, which could result in the execution of arbitrary code with the rights of the user running any xine-lib frontend. Workaround: There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16398 |
published | 2005-02-14 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16398 |
title | GLSA-200501-07 : xine-lib: Multiple overflows |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2005-011.NASL |
description | iDefense discovered that the PNA_TAG handling code in pnm_get_chunk() does not check if the input size is larger than the buffer size (CVE-2004-1187). As well, they discovered that in this same function, a negative value could be given to an unsigned variable that specifies the read length of input data (CVE-2004-1188). Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size, making it vulnerable to a buffer overflow problem (CVE-2004-1300). The updated packages have been patched to prevent these problems. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16220 |
published | 2005-01-19 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16220 |
title | Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:011) |