Description
Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.
Product(s):
- Xine Xine-lib 1 Beta10
- Xine Xine-lib 1 Beta11
- Xine Xine-lib 1_beta1
- Xine Xine-lib 1_beta2
- Xine Xine-lib 1_beta3
- Xine Xine-lib 1_beta4
- Xine Xine-lib 1_beta5
- Xine Xine-lib 1_beta6
- Xine Xine-lib 1_beta7
- Xine Xine-lib 1_beta8
- Xine Xine-lib 1_beta9
- Xine Xine-lib 1_rc2
- Xine Xine-lib 1_rc3a
- Xine Xine-lib 1_rc3b
- Xine Xine-lib 1_rc3c
- Xine Xine-lib 1_rc4
- Xine Xine-lib 1_rc5
- Xine Xine-lib 1_rc5_r2
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1455, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1455 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.