CVE-2004-1034

2005-03-0105:00:00

[email protected]

web.nvd.nist.gov

cve-2004-1034

buffer overflow

kaffeine

remote attackers

denial of service

arbitrary code

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.055 Low

EPSS

Percentile

93.3%

JSON

Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.

Affected configurations

NVD

Node

kaffeinekaffeine_playerMatch0.4.2

kaffeinekaffeine_playerMatch0.4.3

kaffeinekaffeine_playerMatch0.4.3b

kaffeinekaffeine_playerMatch0.5_rc1

xinegxineMatch0.3

Node

gentoolinux

CPENameOperatorVersion
kaffeine:kaffeine_playerkaffeine kaffeine playereq0.4.2
kaffeine:kaffeine_playerkaffeine kaffeine playereq0.4.3
kaffeine:kaffeine_playerkaffeine kaffeine playereq0.4.3b
kaffeine:kaffeine_playerkaffeine kaffeine playereq0.5_rc1
xine:gxinexine gxineeq0.3

CPE	Name	Operator	Version
kaffeine:kaffeine_player	kaffeine kaffeine player	eq	0.4.2
kaffeine:kaffeine_player	kaffeine kaffeine player	eq	0.4.3
kaffeine:kaffeine_player	kaffeine kaffeine player	eq	0.4.3b
kaffeine:kaffeine_player	kaffeine kaffeine player	eq	0.5_rc1
xine:gxine	xine gxine	eq	0.3