CVE-2004-1034

Kaffeine < 0.5 - Buffer Overflow via Long Content-Type Header in Real Audio Media Playlist

Title source: llm

Description

Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.

References (6)

Core 6

Core References

Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11528

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200411-14.xml

Product x_refsource_confirm

http://sourceforge.net/tracker/index.php?func=detail&aid=1060299&group_id=9655&atid=109655

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/13117/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17849

Mailing List mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028061.html

Scores

EPSS 0.0593

EPSS Percentile 90.7%

Details

Status published

Products (6)

gentoo/linux

kaffeine/kaffeine_player 0.4.2

kaffeine/kaffeine_player 0.4.3

kaffeine/kaffeine_player 0.4.3b

kaffeine/kaffeine_player 0.5_rc1

xine/gxine 0.3

Published Mar 01, 2005

Tracked Since Feb 18, 2026