CVE-2004-1034

Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.

Published: Mar 1, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-1034
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
xine / gxine	0.3	0.3.x
kaffeine / kaffeine_player	0.5_rc1	0.5_rc1.x
kaffeine / kaffeine_player	0.4.3	0.4.3.x
kaffeine / kaffeine_player	0.4.3b	0.4.3b.x
kaffeine / kaffeine_player	0.4.2	0.4.2.x
gentoo / linux	-	-

http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028061.html
http://secunia.com/advisories/13117/
http://security.gentoo.org/glsa/glsa-200411-14.xml
http://sourceforge.net/tracker/index.php?func=detail&aid=1060299&group_id=9655&atid=109655
http://www.securityfocus.com/bid/11528
https://exchange.xforce.ibmcloud.com/vulnerabilities/17849

Vulnerability Database

289,599

CVE-2004-1034