Filtered by vendor Xine
Subscribe
Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1274 | 1 Xine | 1 Xine-lib | 2018-10-10 | 5.0 MEDIUM | N/A |
| Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow. | |||||
| CVE-2009-0698 | 1 Xine | 1 Xine-lib | 2018-10-10 | 7.5 HIGH | N/A |
| Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385. | |||||
| CVE-2006-2802 | 1 Xine | 2 Gxine, Xine-lib | 2018-10-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. | |||||
| CVE-2006-1664 | 1 Xine | 1 Xine-lib | 2017-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. | |||||
| CVE-2008-1878 | 1 Xine | 1 Xine-lib | 2017-09-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title. | |||||
| CVE-2008-5245 | 1 Xine | 1 Xine-lib | 2017-08-08 | 9.3 HIGH | N/A |
| xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c. | |||||
| CVE-2008-5246 | 1 Xine | 1 Xine-lib | 2017-08-08 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3231 | 1 Xine | 1 Xine-lib | 2017-08-08 | 4.3 MEDIUM | N/A |
| xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine. | |||||
| CVE-2008-0073 | 2 Redhat, Xine | 2 Fedora, Xine-lib | 2017-08-08 | 6.8 MEDIUM | N/A |
| Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. | |||||
| CVE-2005-2967 | 1 Xine | 1 Xine-lib | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD. | |||||
| CVE-2005-1195 | 2 Mplayer, Xine | 2 Mplayer, Xine-lib | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code. | |||||
| CVE-2004-1475 | 1 Xine | 2 Xine, Xine-lib | 2017-07-11 | 5.1 MEDIUM | N/A |
| Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. | |||||
| CVE-2004-1951 | 1 Xine | 3 Xine, Xine-lib, Xine-ui | 2017-07-11 | 5.0 MEDIUM | N/A |
| xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. | |||||
| CVE-2004-1455 | 1 Xine | 1 Xine-lib | 2017-07-11 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL. | |||||
| CVE-2004-1476 | 2 Suse, Xine | 3 Suse Linux, Xine, Xine-lib | 2017-07-11 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. | |||||
| CVE-2004-1379 | 1 Xine | 2 Xine, Xine-lib | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field. | |||||
| CVE-2004-0433 | 2 Mplayer, Xine | 2 Mplayer, Xine-lib | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets. | |||||
| CVE-2004-1300 | 1 Xine | 1 Xine-lib | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file. | |||||
| CVE-2004-1187 | 3 Mandrakesoft, Mplayer, Xine | 4 Mandrake Linux, Mplayer, Xine and 1 more | 2017-07-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188. | |||||
| CVE-2004-0372 | 1 Xine | 1 Xine | 2017-07-11 | 2.1 LOW | N/A |
| xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts. | |||||