Total
38 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1482 | 1 Xine | 1 Xine-lib | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c. | |||||
CVE-2009-1274 | 1 Xine | 1 Xine-lib | 2024-02-28 | 5.0 MEDIUM | N/A |
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow. | |||||
CVE-2008-5247 | 1 Xine | 1 Xine-lib | 2024-02-28 | 4.3 MEDIUM | N/A |
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value. | |||||
CVE-2009-0698 | 1 Xine | 1 Xine-lib | 2024-02-28 | 7.5 HIGH | N/A |
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385. | |||||
CVE-2008-5234 | 1 Xine | 1 Xine-lib | 2024-02-28 | 9.3 HIGH | N/A |
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15. | |||||
CVE-2008-3231 | 1 Xine | 1 Xine-lib | 2024-02-28 | 4.3 MEDIUM | N/A |
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine. | |||||
CVE-2008-5242 | 1 Xine | 1 Xine-lib | 2024-02-28 | 6.8 MEDIUM | N/A |
demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. | |||||
CVE-2008-1686 | 2 Xine, Xiph | 3 Xine-lib, Libfishsound, Speex | 2024-02-28 | 9.3 HIGH | N/A |
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | |||||
CVE-2008-5248 | 1 Xine | 1 Xine-lib | 2024-02-28 | 4.3 MEDIUM | N/A |
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators." | |||||
CVE-2008-5239 | 1 Xine | 1 Xine-lib | 2024-02-28 | 4.3 MEDIUM | N/A |
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows. | |||||
CVE-2008-5241 | 1 Xine | 1 Xine-lib | 2024-02-28 | 4.3 MEDIUM | N/A |
Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM). | |||||
CVE-2008-5240 | 1 Xine | 1 Xine-lib | 2024-02-28 | 4.3 MEDIUM | N/A |
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value. | |||||
CVE-2008-1878 | 1 Xine | 1 Xine-lib | 2024-02-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title. | |||||
CVE-2008-5243 | 1 Xine | 1 Xine-lib | 2024-02-28 | 4.3 MEDIUM | N/A |
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error. | |||||
CVE-2008-0073 | 2 Redhat, Xine | 2 Fedora, Xine-lib | 2024-02-28 | 6.8 MEDIUM | N/A |
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. | |||||
CVE-2008-5245 | 1 Xine | 1 Xine-lib | 2024-02-28 | 9.3 HIGH | N/A |
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c. | |||||
CVE-2008-5233 | 1 Xine | 1 Xine-lib | 2024-02-28 | 4.3 MEDIUM | N/A |
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. | |||||
CVE-2008-5244 | 1 Xine | 1 Xine-lib | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad. | |||||
CVE-2008-5246 | 1 Xine | 1 Xine-lib | 2024-02-28 | 9.3 HIGH | N/A |
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-0238 | 1 Xine | 1 Xine-lib | 2024-02-28 | 7.5 HIGH | N/A |
Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |