CVE-2004-1475

Xine - Buffer Overflow

Title source: rule

Description

Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.

Exploits (1)

exploitdb WORKING POC VERIFIED

by c0ntex · cremotelinux

https://www.exploit-db.com/exploits/386

View Code ZIP pw:eip

References (7)

[Patch] http://www.securityfocus.com/bid/11206

[Various Sources] http://xinehq.de/index.php/security/XSA-2004-4

[Vendor Advisory] http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17432

[Patch] http://security.gentoo.org/glsa/glsa-200408-18.xml

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17430

[Patch] http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml

Scores

EPSS 0.0548

EPSS Percentile 90.2%

Details

Status published

Products (10)

xine/xine 0.9.18

xine/xine 1_rc2

xine/xine 1_rc3

xine/xine 1_rc4

xine/xine 1_rc5

xine/xine-lib 0.99

xine/xine-lib 1_rc2

xine/xine-lib 1_rc3

xine/xine-lib 1_rc4

xine/xine-lib 1_rc5

Published Dec 31, 2004

Tracked Since Feb 18, 2026