Vulnerabilities related to xine - xine-lib
Vulnerability from fkie_nvd
Published
2006-06-28 01:45
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mimms:mimms:0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8336443A-DE31-4DD7-AA6A-82D7B33332A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en libmms, utilizado por (a) MiMMs v0.0.9 y (b) xine-lib v1.1.0 y versiones anteriores, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) send_command, (2) string_utf16, (3) get_data, y (4) funciones get_media_packet ,y posiblemente otras funciones.\r\n\r\n" } ], "id": "CVE-2006-2200", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-06-28T01:45:00.000", "references": [ { "source": "security@debian.org", "url": 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20749" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20948" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20964" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21023" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21036" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21139" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23218" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23512" }, { "source": "security@debian.org", "url": "http://security.gentoo.org/glsa/glsa-200607-07.xml" }, { "source": "security@debian.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.433842" }, { "source": "security@debian.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=468432" }, { "source": "security@debian.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:117" }, { "source": "security@debian.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:121" }, { "source": "security@debian.org", "url": "http://www.securityfocus.com/bid/18608" }, { "source": "security@debian.org", "url": "http://www.ubuntu.com/usn/usn-309-1" }, { "source": "security@debian.org", "url": "http://www.ubuntu.com/usn/usn-315-1" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20749" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20948" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200607-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.433842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=468432" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-309-1" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-315-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2487" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 | |
xine | xine-lib | 1.1.14 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_beta12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED", "versionEndIncluding": "1.1.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": 
"EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", 
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value." 
}, { "lang": "es", "value": "xine-lib 1.1.12, y otras versiones anteriores a 1.1.15, se basa en un valor de entrada no confiable para determinar la localizaci\u00f3n de memoria y no comprobar el resultado para (1) el elemento pista de entrada MATROSKA_ID_TR_CODECPRIVATE procesado por demux_matroska.c; y (2) PROP_TAG, (3) MDPR_TAG, y (4) CONT_TAG trozos procesados por la funci\u00f3n real_parse_headers en demux_real.c; el cual permite a los atacantes remotos causar una denegaci\u00f3n de servicios (putero nulo no referenciado y ca\u00edda) o posiblemente ejecuta c\u00f3digo arbitrario a trav\u00e9s de un valor manipulado." } ], "id": "CVE-2008-5240", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-26T01:30:00.610", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31827" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33544" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4648" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/47742" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/30797" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44653" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/47742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/30797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44653" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mplayer | mplayer | * | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_rc2 | |
xine | xine-lib | 1_rc3a | |
xine | xine-lib | 1_rc3b | |
xine | xine-lib | 1_rc3c |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8EEE614-9EB1-4217-B962-AD3EECD7C689", "versionEndIncluding": "1.0_pre6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*", "matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*", "matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*", "matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code." } ], "id": "CVE-2005-1195", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18\u0026r2=1.19\u0026diff_format=u" }, { "source": "cve@mitre.org", "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55\u0026r2=1.56\u0026diff_format=u" }, { "source": "cve@mitre.org", "url": "http://seclists.org/lists/bugtraq/2005/Apr/0337.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://secunia.com/advisories/15014" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013771" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln10" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln11" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/15711" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/15712" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/396703" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13271" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20171" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18\u0026r2=1.19\u0026diff_format=u" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55\u0026r2=1.56\u0026diff_format=u" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/lists/bugtraq/2005/Apr/0337.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/15014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1013771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.mplayerhq.hu/homepage/design7/news.html#vuln11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/15711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/15712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/396703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/13271" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20175" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_beta12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EA01448-09E3-4DA9-A817-BFD7A4460F66", "versionEndIncluding": "1.1.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": 
"EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", 
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en xine-lib anterior a 1.1.15; permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a a trav\u00e9s de vectores que env\u00edan datos ID3 a las funciones (1) id3v22_interp_frame Y (2) id3v24_interp_frame en src/demuxers/id3.c. NOTA: El origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros." 
} ], "id": "CVE-2008-5246", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-26T01:30:00.717", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/47677" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020703" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30698" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/47677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1020703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44468" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-10 23:46
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 6.4, vector AV:N/AC:L/Au:N/C:P/I:P/A:N)
Summary
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A3884A0-FDCE-4AB1-993E-835BD5897A61", "versionEndIncluding": "1.1.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n rmff_dump_cont en la biblioteca input/libreal/rmff.c en xine-lib versi\u00f3n 1.1.9 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del atributo SDP Abstract en una sesi\u00f3n RTSP, relacionada a la funci\u00f3n rmff_dump_header y relacionada con la omisi\u00f3n del campo max. NOTA: algunos de estos detalles son obtenidos de informaci\u00f3n de terceros." 
} ], "id": "CVE-2008-0225", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-10T23:46:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://aluigi.altervista.org/adv/xinermffhof-adv.txt" }, { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=205197" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28384" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28489" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28507" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28636" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28674" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28955" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31393" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200801-12.xml" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=567872" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1472" }, { "source": "cve@mitre.org", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:020" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27198" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0163" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428620" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://aluigi.altervista.org/adv/xinermffhof-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=205197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31393" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200801-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=567872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27198" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-09-16 04:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine | 1_alpha | |
xine | xine | 1_beta1 | |
xine | xine | 1_beta2 | |
xine | xine | 1_beta3 | |
xine | xine | 1_beta4 | |
xine | xine | 1_beta5 | |
xine | xine | 1_beta6 | |
xine | xine | 1_beta7 | |
xine | xine | 1_beta8 | |
xine | xine | 1_beta9 | |
xine | xine | 1_beta10 | |
xine | xine | 1_beta11 | |
xine | xine | 1_beta12 | |
xine | xine | 1_rc0 | |
xine | xine | 1_rc0a | |
xine | xine | 1_rc1 | |
xine | xine | 1_rc2 | |
xine | xine | 1_rc3 | |
xine | xine | 1_rc3a | |
xine | xine | 1_rc3b | |
xine | xine | 1_rc4 | |
xine | xine | 1_rc5 | |
xine | xine-lib | 0.9.8 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta12 | |
xine | xine-lib | 1_rc0 | |
xine | xine-lib | 1_rc1 | |
xine | xine-lib | 1_rc2 | |
xine | xine-lib | 1_rc3 | |
xine | xine-lib | 1_rc3a | |
xine | xine-lib | 1_rc3b | |
xine | xine-lib | 1_rc3c | |
xine | xine-lib | 1_rc4 | |
xine | xine-lib | 1_rc5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine:1_alpha:*:*:*:*:*:*:*", "matchCriteriaId": "367A04A4-10DE-4CDA-BF81-349C65213169", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "BC260B04-C616-4A6A-9773-D535EA8A45AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "72DEB448-0F57-40FD-889E-6C8AC6920C95", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "DE750368-54FD-4CCD-AFF7-B26B3A4BA539", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "58476B06-9E48-4649-8761-B32FE01BA7C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "76CE8EF1-0578-4E12-A87D-832978ED484D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A0DF434D-3BE2-4BCF-A6FC-397475830FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "AFA95FC2-2082-4367-AD3D-0F876972E5A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "005EA1B5-7717-4CBD-9D21-249A5A497D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "19A33FCB-47FE-4F2E-9043-1F13805F0F13", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "AE1A9A53-860B-41CF-8BFD-4792775765E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "5246E535-1B8F-4BC1-AD1D-9BFA7BF28D52", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "C247EF56-6E67-41DA-8C49-C9310C42B8E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc0:*:*:*:*:*:*:*", "matchCriteriaId": "9790E7B0-E2D3-4DA5-915A-D236446E1B5B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*", "matchCriteriaId": "D4E5CCDF-3472-4994-A47A-5A94D10F1C56", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "BAFC4559-D7E3-4C75-8B79-85A79067E261", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*", "matchCriteriaId": "99D8D224-15C4-4D15-9A04-4A1F3E1F63B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*", "matchCriteriaId": "F469DA5D-6020-4490-B671-2CEFB151C736", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "283D1C9D-00E5-456E-8E82-52963B9A07F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "56D5CAA8-B9CF-4036-9BB1-B6096A0B7A62", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc0:*:*:*:*:*:*:*", "matchCriteriaId": "F2F8891F-7FE9-44F3-95A5-282E8B3BB05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "2F146421-8772-4B2C-B202-097BE15F8472", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "A5AF6387-6E37-4310-8893-7228DC01607E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*", "matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*", "matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*", "matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the DVD 
subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field." } ], "id": "CVE-2004-1379", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-09-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-657" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11205" }, { "source": "cve@mitre.org", "url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://xinehq.de/index.php/security/XSA-2004-5" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://xinehq.de/index.php/security/XSA-2004-5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * (up to and including 1.1.14) | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 1 (rc0a) | |
xine | xine-lib | 1 (rc1) | |
xine | xine-lib | 1 (rc2) | |
xine | xine-lib | 1 (rc3) | |
xine | xine-lib | 1 (rc3a) | |
xine | xine-lib | 1 (rc3b) | |
xine | xine-lib | 1 (rc3c) | |
xine | xine-lib | 1 (rc4) | |
xine | xine-lib | 1 (rc4a) | |
xine | xine-lib | 1 (rc5) | |
xine | xine-lib | 1 (rc6a) | |
xine | xine-lib | 1 (rc7) | |
xine | xine-lib | 1 (rc8) | |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_beta12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EA01448-09E3-4DA9-A817-BFD7A4460F66", "versionEndIncluding": "1.1.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": 
"EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", 
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en xine-lib 1.1.12, y otras versiones anteriores a 1.1.15, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con (1) un metadato manipulado de tama\u00f1o at\u00f3mico procesado por la funci\u00f3n parse_moov_atom en demux_qt.c y (2) un marco leyendo en la funci\u00f3n id3v23_interp_frame en id3.c. 
NOTA: a fecha de 22-11-2008, es posible que el vector 1 no se haya fijado en 1.1.15.\r\n\r\n\r\n" } ], "evaluatorComment": "http://secunia.com/advisories/31502\r\n\r\n1) Multiple integer overflows exist within the processing of ID3 tags in src/demuxers/id3.c. These can be exploited to cause heap-based buffer overflows via overly large ID3 frame header size fields.\r\n\r\n2) Multiple boundary errors exist within the \"demux_real_send_chunk()\" function in src/demuxers/demux_real.c. These can potentially be exploited to cause heap-based buffer overflows via specially crafted Real Media files.\r\n\r\n3) A boundary error exists within the \"open_video_capture_device()\" function in src/input/input_v4l.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted V4L stream.\r\n\r\n4) A boundary error exists within the \"parse_moov_atom()\" function in src/demuxers/demux_qt.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted Quicktime file.\r\n\r\nSuccessful exploitation of the vulnerabilities may allow execution of arbitrary code.\r\n\r\nThe vulnerabilities are reported in versions prior to 1.1.15.", "evaluatorSolution": "http://secunia.com/advisories/31502\r\n\r\nSolution:\r\nUpdate to version 1.1.15, which fixes vulnerabilities #1-#3. 
(as noted above).", "id": "CVE-2008-5234", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-26T01:30:00.483", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31502" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31827" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33544" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4648" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020703" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30797" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44633" }, { "source": "cve@mitre.org", 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44647" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1020703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44633" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C)
Summary
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "2AD73BA0-D315-4ADA-A942-8DCC2A920B28", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*", "matchCriteriaId": "710ACCE6-B3E3-474A-B78B-5A123EC24DE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*", "matchCriteriaId": "55D3C3E6-862E-470E-8CEA-4B333B906172", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "30D6A539-5523-4E52-854A-82CDCDBDFC45", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "CA841B0B-8FA9-45F9-9B60-7C9BD1A92E14", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "91907AEA-D84F-4DD9-AD22-41E563182FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "D200DE0F-D8BB-460D-928E-E59473F84B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "5103A1E1-670A-4527-9FB8-9D8B0DA506D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*", "matchCriteriaId": "500E5BD7-3F17-455F-8463-50B145128873", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*", "matchCriteriaId": "3BE4C532-1756-4B2E-94EE-8F8253281F54", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*", "matchCriteriaId": "0E6875BE-67F1-4E0E-A610-7B6EDBAB6431", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*", "matchCriteriaId": "4E74EBC5-296E-4B20-8BCB-F104D06595AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*", "matchCriteriaId": "29A09BDA-DA05-4512-9E39-14819C410CD1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*", "matchCriteriaId": "A5650520-0CCA-47C1-A7B8-8A6129BE6B83", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*", "matchCriteriaId": "FD1FAB76-B1DB-400E-9224-09E82D9A8847", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*", "matchCriteriaId": "D4D18950-F883-47D1-B95B-6F46F2F6F701", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:head_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "9B5D1CF3-66DF-4000-BEC7-760367856891", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "BC5DCF4D-41B4-45D3-8F7C-6985A8B15888", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*", "matchCriteriaId": "61348912-55CB-4789-A1ED-9CA7BF77ACB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_alpha:*:*:*:*:*:*:*", "matchCriteriaId": "367A04A4-10DE-4CDA-BF81-349C65213169", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "BC260B04-C616-4A6A-9773-D535EA8A45AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "72DEB448-0F57-40FD-889E-6C8AC6920C95", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "DE750368-54FD-4CCD-AFF7-B26B3A4BA539", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "58476B06-9E48-4649-8761-B32FE01BA7C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "76CE8EF1-0578-4E12-A87D-832978ED484D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A0DF434D-3BE2-4BCF-A6FC-397475830FDC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "AFA95FC2-2082-4367-AD3D-0F876972E5A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "005EA1B5-7717-4CBD-9D21-249A5A497D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "19A33FCB-47FE-4F2E-9043-1F13805F0F13", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "AE1A9A53-860B-41CF-8BFD-4792775765E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "5246E535-1B8F-4BC1-AD1D-9BFA7BF28D52", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "C247EF56-6E67-41DA-8C49-C9310C42B8E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc0:*:*:*:*:*:*:*", "matchCriteriaId": "9790E7B0-E2D3-4DA5-915A-D236446E1B5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*", "matchCriteriaId": "D4E5CCDF-3472-4994-A47A-5A94D10F1C56", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "BAFC4559-D7E3-4C75-8B79-85A79067E261", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*", "matchCriteriaId": "99D8D224-15C4-4D15-9A04-4A1F3E1F63B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*", "matchCriteriaId": "F469DA5D-6020-4490-B671-2CEFB151C736", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "283D1C9D-00E5-456E-8E82-52963B9A07F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*", 
"matchCriteriaId": "56D5CAA8-B9CF-4036-9BB1-B6096A0B7A62", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc6:*:*:*:*:*:*:*", "matchCriteriaId": "C65FB6DA-EDA1-4727-9896-6A27FAB555BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc6a:*:*:*:*:*:*:*", "matchCriteriaId": "45DC5988-4C25-49CA-BB7C-5933EDD8F460", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "4B7B24F7-BDE5-4EE7-8141-70777B7BAFB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc8:*:*:*:*:*:*:*", "matchCriteriaId": "65ABAD66-13A3-495C-920E-5E39D1EBDB2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_alpha:*:*:*:*:*:*:*", "matchCriteriaId": "B469D7A8-9CF5-4AF7-802F-E43752AF18F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", 
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc0:*:*:*:*:*:*:*", "matchCriteriaId": "F2F8891F-7FE9-44F3-95A5-282E8B3BB05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "2F146421-8772-4B2C-B202-097BE15F8472", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "A5AF6387-6E37-4310-8893-7228DC01607E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*", "matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*", "matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*", "matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc6:*:*:*:*:*:*:*", "matchCriteriaId": "5B3AA3FD-BB0E-4164-85EB-30613900C4AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc6a:*:*:*:*:*:*:*", "matchCriteriaId": "44D12F07-097C-4F21-9D97-AF3ABAA1C089", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "74D09DD6-7878-4136-AE31-A45CF9234061", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*", "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "9E661D58-18DF-4CCF-9892-F873618F4535", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188." 
} ], "id": "CVE-2004-1187", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-10T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=176\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "source": "cve@mitre.org", "url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=176\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/18640" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-10-14 10:02
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
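Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD. [Note: the CPE match list in this record names xine-lib 0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0, which does not line up exactly with the versions named in this summary; check the vendor advisory (XSA-2005-1, listed in the references) before relying on the CPE list alone for version matching.]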
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD." 
} ], "id": "CVE-2005-2967", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-10-14T10:02:00.000", "references": [ { "source": "security@debian.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/17097" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17099/" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/17111" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/17132" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/17162" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/17179" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/17282" }, { "source": "security@debian.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.415454" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-863" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml" }, { "source": "security@debian.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180" }, { "source": 
"security@debian.org", "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "source": "security@debian.org", "url": "http://www.osvdb.org/19892" }, { "source": "security@debian.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/15044" }, { "source": "security@debian.org", "url": "http://www.ubuntu.com/usn/usn-196-1" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://xinehq.de/index.php/security/XSA-2005-1" }, { "source": "security@debian.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17099/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17132" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17179" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.415454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/19892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/15044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-196-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://xinehq.de/index.php/security/XSA-2005-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C)
Summary
Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "74D09DD6-7878-4136-AE31-A45CF9234061", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file." } ], "id": "CVE-2004-1300", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-10T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18611" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": 
[ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-07 10:04
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream." 
} ], "id": "CVE-2006-1664", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-07T10:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19853" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19856" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28666" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015868" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17370" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/1641" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19856" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/1641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 5.1, AV:N/AC:H/Au:N/C:P/I:P/A:P)
Summary
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine | 0.9.18 | |
xine | xine | 1_rc2 | |
xine | xine | 1_rc3 | |
xine | xine | 1_rc4 | |
xine | xine | 1_rc5 | |
xine | xine-lib | 0.99 | |
xine | xine-lib | 1_rc2 | |
xine | xine-lib | 1_rc3 | |
xine | xine-lib | 1_rc4 | |
xine | xine-lib | 1_rc5 | |
suse | suse_linux | 8.0 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 (personal) | |
suse | suse_linux | 9.0 (personal) | |
suse | suse_linux | 9.0 (x86_64) | |
suse | suse_linux | 9.1 (personal) | |
suse | suse_linux | 9.2 (personal) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*", "matchCriteriaId": "61348912-55CB-4789-A1ED-9CA7BF77ACB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "283D1C9D-00E5-456E-8E82-52963B9A07F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "56D5CAA8-B9CF-4036-9BB1-B6096A0B7A62", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "A5AF6387-6E37-4310-8893-7228DC01607E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "28CD54FE-D682-4063-B7C3-8B29B26B39AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:personal:*:*:*:*:*", "matchCriteriaId": "D4940BE0-08CA-4B6C-ACA2-EE6EECE3E4B8", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:suse:suse_linux:9.0:*:personal:*:*:*:*:*", "matchCriteriaId": "F239BA8A-6B41-4B08-8C7C-25D235812C50", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:personal:*:*:*:*:*", "matchCriteriaId": "3EA56868-ACA1-4C65-9FFB-A68129D2428A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*", "matchCriteriaId": "3BEE15E9-9194-4E37-AB3B-66ECD5AC9E11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label." } ], "id": "CVE-2004-1476", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11206" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://xinehq.de/index.php/security/XSA-2004-4" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://xinehq.de/index.php/security/XSA-2004-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-24 22:44
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter." }, { "lang": "es", "value": "Error de \u00edndice de array en la funci\u00f3n sdpplin_parse de input/libreal/sdpplin.c en xine-lib 1.1.10.1 permite a servidores RTSP remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro streamid SDP grande." } ], "id": "CVE-2008-0073", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-24T22:44:00.000", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ 
"Vendor Advisory" ], "url": "http://secunia.com/advisories/28694" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29392" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29472" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29503" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29578" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29601" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29740" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29766" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/29800" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/30581" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/31372" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/31393" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2008-10/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.debian.org/security/2008/dsa-1536" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/28312" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securitytracker.com/id?1019682" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.videolan.org/security/sa0803.php" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2008/0923" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch" ], "url": "http://xinehq.de/index.php/news" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29392" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29578" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2008-10/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/security/sa0803.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0923" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://xinehq.de/index.php/news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
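Severity: HIGH (CVSS v2 base score 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C; the record sets acInsufInfo to true, so the score was assigned with insufficient information)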
Summary
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * (up to and including 1.1.15) | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 1 (rc0a) | |
xine | xine-lib | 1 (rc1) | |
xine | xine-lib | 1 (rc2) | |
xine | xine-lib | 1 (rc3) | |
xine | xine-lib | 1 (rc3a) | |
xine | xine-lib | 1 (rc3b) | |
xine | xine-lib | 1 (rc3c) | |
xine | xine-lib | 1 (rc4) | |
xine | xine-lib | 1 (rc4a) | |
xine | xine-lib | 1 (rc5) | |
xine | xine-lib | 1 (rc6a) | |
xine | xine-lib | 1 (rc7) | |
xine | xine-lib | 1 (rc8) | |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 | |
xine | xine-lib | 1.1.14 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_beta12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED", "versionEndIncluding": "1.1.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": 
"EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", 
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad." }, { "lang": "es", "value": "Vulnerabilidad no especificada en xine-lib anterior a v1.1.15, tiene un impacto desconocido y vectores de ataque relacionados con libfaad. NOTA: Debido a la falta de detalles, no est\u00e1 claro si es una vulnerabilidad que afecta a xine-lib o a libfaad." 
} ], "id": "CVE-2008-5244", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-11-26T01:30:00.670", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020703" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1020703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-02-23 15:30
Modified
2025-04-09 00:30
Severity: HIGH (NVD CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "066B88F9-0617-403E-9B7A-B8CAC6E76D5F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385." }, { "lang": "es", "value": "Un desbordamiento de entero en el demuxer 4xm (demuxers/demux_4xm.c) en xine-lib 1.1.16.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (con ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de pel\u00edcula 4X con un gran valor current_track. Se trata de un problema similar al de CVE-2009-0385." } ], "id": "CVE-2009-0698", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-02-23T15:30:04.110", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.xine-project.org/show_bug.cgi?id=205" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": 
"http://sourceforge.net/project/shownotes.php?release_id=660071" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.trapkit.de/advisories/TKADV2009-004.txt" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-746-1" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.xine-project.org/show_bug.cgi?id=205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=660071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trapkit.de/advisories/TKADV2009-004.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-746-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity: MEDIUM (NVD CVSS v2.0 base score 5.1, vector AV:N/AC:H/Au:N/C:P/I:P/A:P)
Summary
Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*", "matchCriteriaId": "61348912-55CB-4789-A1ED-9CA7BF77ACB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "283D1C9D-00E5-456E-8E82-52963B9A07F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "56D5CAA8-B9CF-4036-9BB1-B6096A0B7A62", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "A5AF6387-6E37-4310-8893-7228DC01607E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines." 
} ], "id": "CVE-2004-1475", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://security.gentoo.org/glsa/glsa-200408-18.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11206" }, { "source": "cve@mitre.org", "url": "http://xinehq.de/index.php/security/XSA-2004-4" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://security.gentoo.org/glsa/glsa-200408-18.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.securityfocus.com/bid/11206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xinehq.de/index.php/security/XSA-2004-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity: MEDIUM (NVD CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * (up to and including 1.1.15) | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 1 (rc0a) | |
xine | xine-lib | 1 (rc1) | |
xine | xine-lib | 1 (rc2) | |
xine | xine-lib | 1 (rc3) | |
xine | xine-lib | 1 (rc3a) | |
xine | xine-lib | 1 (rc3b) | |
xine | xine-lib | 1 (rc3c) | |
xine | xine-lib | 1 (rc4) | |
xine | xine-lib | 1 (rc4a) | |
xine | xine-lib | 1 (rc5) | |
xine | xine-lib | 1 (rc6a) | |
xine | xine-lib | 1 (rc7) | |
xine | xine-lib | 1 (rc8) | |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 | |
xine | xine-lib | 1.1.14 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_beta12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED", "versionEndIncluding": "1.1.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": 
"EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", 
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to \"reindex into an allocated buffer,\" which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error." }, { "lang": "es", "value": "La funci\u00f3n real_parse_headers en demux_real.c en xine-lib 1.1.12, y otras v1.1.15 y versiones anteriores, conf\u00eda en un valor de longitud de entrada no confiable a \"reindexar en un b\u00fafer asignado\", lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un valor manipulado, probablemente un error de \u00edndice de array." 
} ], "id": "CVE-2008-5243", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-26T01:30:00.657", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31827" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33544" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4648" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30797" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44658" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-17 22:05
Modified
2025-04-09 00:30
Severity: HIGH (NVD CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED7557F8-5A8F-4DCE-AB62-BB6E88893443", "versionEndIncluding": "1.1.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basada en pila en la funci\u00f3n demux_nsf_send_chunk en el src/demuxers/demux_nsf.c en xine-lib 1.1.12 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un t\u00edtulo NSF largo." 
} ], "id": "CVE-2008-1878", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-04-17T22:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29850" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30021" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30337" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30581" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31372" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31393" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1586" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:177" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28816" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1247/references" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/41865" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5458" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00536.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00571.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:177" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1247/references" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5458" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00536.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00571.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly check for a chunk size that is less than PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "2AD73BA0-D315-4ADA-A942-8DCC2A920B28", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*", "matchCriteriaId": "710ACCE6-B3E3-474A-B78B-5A123EC24DE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*", "matchCriteriaId": "55D3C3E6-862E-470E-8CEA-4B333B906172", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "30D6A539-5523-4E52-854A-82CDCDBDFC45", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "CA841B0B-8FA9-45F9-9B60-7C9BD1A92E14", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "91907AEA-D84F-4DD9-AD22-41E563182FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "D200DE0F-D8BB-460D-928E-E59473F84B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "5103A1E1-670A-4527-9FB8-9D8B0DA506D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*", "matchCriteriaId": "500E5BD7-3F17-455F-8463-50B145128873", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*", "matchCriteriaId": "3BE4C532-1756-4B2E-94EE-8F8253281F54", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*", "matchCriteriaId": "0E6875BE-67F1-4E0E-A610-7B6EDBAB6431", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*", "matchCriteriaId": "4E74EBC5-296E-4B20-8BCB-F104D06595AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*", "matchCriteriaId": "29A09BDA-DA05-4512-9E39-14819C410CD1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*", "matchCriteriaId": "A5650520-0CCA-47C1-A7B8-8A6129BE6B83", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*", "matchCriteriaId": "FD1FAB76-B1DB-400E-9224-09E82D9A8847", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*", "matchCriteriaId": "D4D18950-F883-47D1-B95B-6F46F2F6F701", "vulnerable": true }, { "criteria": "cpe:2.3:a:mplayer:mplayer:head_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "9B5D1CF3-66DF-4000-BEC7-760367856891", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "BC5DCF4D-41B4-45D3-8F7C-6985A8B15888", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*", "matchCriteriaId": "61348912-55CB-4789-A1ED-9CA7BF77ACB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_alpha:*:*:*:*:*:*:*", "matchCriteriaId": "367A04A4-10DE-4CDA-BF81-349C65213169", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "BC260B04-C616-4A6A-9773-D535EA8A45AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "72DEB448-0F57-40FD-889E-6C8AC6920C95", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "DE750368-54FD-4CCD-AFF7-B26B3A4BA539", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "58476B06-9E48-4649-8761-B32FE01BA7C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "76CE8EF1-0578-4E12-A87D-832978ED484D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A0DF434D-3BE2-4BCF-A6FC-397475830FDC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "AFA95FC2-2082-4367-AD3D-0F876972E5A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "005EA1B5-7717-4CBD-9D21-249A5A497D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "19A33FCB-47FE-4F2E-9043-1F13805F0F13", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "AE1A9A53-860B-41CF-8BFD-4792775765E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "5246E535-1B8F-4BC1-AD1D-9BFA7BF28D52", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "C247EF56-6E67-41DA-8C49-C9310C42B8E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc0:*:*:*:*:*:*:*", "matchCriteriaId": "9790E7B0-E2D3-4DA5-915A-D236446E1B5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*", "matchCriteriaId": "D4E5CCDF-3472-4994-A47A-5A94D10F1C56", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "BAFC4559-D7E3-4C75-8B79-85A79067E261", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*", "matchCriteriaId": "99D8D224-15C4-4D15-9A04-4A1F3E1F63B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*", "matchCriteriaId": "F469DA5D-6020-4490-B671-2CEFB151C736", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "283D1C9D-00E5-456E-8E82-52963B9A07F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*", 
"matchCriteriaId": "56D5CAA8-B9CF-4036-9BB1-B6096A0B7A62", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc6:*:*:*:*:*:*:*", "matchCriteriaId": "C65FB6DA-EDA1-4727-9896-6A27FAB555BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc6a:*:*:*:*:*:*:*", "matchCriteriaId": "45DC5988-4C25-49CA-BB7C-5933EDD8F460", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "4B7B24F7-BDE5-4EE7-8141-70777B7BAFB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc8:*:*:*:*:*:*:*", "matchCriteriaId": "65ABAD66-13A3-495C-920E-5E39D1EBDB2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_alpha:*:*:*:*:*:*:*", "matchCriteriaId": "B469D7A8-9CF5-4AF7-802F-E43752AF18F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", 
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc0:*:*:*:*:*:*:*", "matchCriteriaId": "F2F8891F-7FE9-44F3-95A5-282E8B3BB05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "2F146421-8772-4B2C-B202-097BE15F8472", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "A5AF6387-6E37-4310-8893-7228DC01607E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*", "matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*", "matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*", "matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc6:*:*:*:*:*:*:*", "matchCriteriaId": "5B3AA3FD-BB0E-4164-85EB-30613900C4AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc6a:*:*:*:*:*:*:*", "matchCriteriaId": "44D12F07-097C-4F21-9D97-AF3ABAA1C089", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "74D09DD6-7878-4136-AE31-A45CF9234061", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*", "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "9E661D58-18DF-4CCF-9892-F873618F4535", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187." 
} ], "id": "CVE-2004-1188", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-10T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=177\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "source": "cve@mitre.org", "url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18638" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=177\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/18638" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-29 19:44
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * | |
xine | xine-plugin | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A3884A0-FDCE-4AB1-993E-835BD5897A61", "versionEndIncluding": "1.1.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-plugin:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2FD9EFC-8213-4543-B57E-5BCD4929487A", "versionEndIncluding": "1.1.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en demuxers/demux_asf.c (tambi\u00e9n conocido como ASF demuxer) en la extensi\u00f3n xineplug_dmx_asf.so de xine-lib before 1.1.10 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una cabecera ASF manipulada.\r\nNOTA: esta cuesti\u00f3n provoca una ca\u00edda cuando un atacante utiliza el c\u00f3digo del exploit CVE-2006-1664, pero esto es diferente a CVE-2006-1664." 
} ], "id": "CVE-2008-1110", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-02-29T19:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=208100" }, { "source": "cve@mitre.org", "url": "http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset%3Bnode=fb6d089b520dca199ef16a046da28c50c984c2d2%3Bstyle=gitweb" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29141" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31393" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200802-12.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://xinehq.de/index.php/news" }, { "source": "cve@mitre.org", "url": "http://xinehq.de/index.php/security" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41019" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/1641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://bugs.gentoo.org/show_bug.cgi?id=208100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset%3Bnode=fb6d089b520dca199ef16a046da28c50c984c2d2%3Bstyle=gitweb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200802-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://xinehq.de/index.php/news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xinehq.de/index.php/security" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/1641" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 | |
xine | xine-lib | 1.1.14 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_beta12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED", "versionEndIncluding": "1.1.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": 
"EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", 
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value." }, { "lang": "es", "value": "La funci\u00f3n real_parse_audio_specific_data en demux_real.c en xine-lib v1.1.12, y otros 1.1.15 y versiones anteriores, utiliza un valor de altura no confiable (tambi\u00e9n conocido como codec_data_length) como divisor, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (error de dicisi\u00f3n por cero y ca\u00edda) mediante un valor cero." 
} ], "id": "CVE-2008-5247", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-26T01:30:00.733", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31827" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4648" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30797" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-08 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "25A4FBA1-BC5C-43F8-AD20-7D7245382EC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "066B88F9-0617-403E-9B7A-B8CAC6E76D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "D88354B3-C565-480C-B45D-CB172F139E28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows 
remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow." }, { "lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n qt_error parse_trak_atom en demuxers/demux_qt.c en xine-lib v1.1.16.2 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero de v\u00eddeo Quicktime, con un valor largo de contador en un elemento STTS, lo que provoca un desbordamiento de b\u00fafer basado en mont\u00edculo." } ], "id": "CVE-2009-1274", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-08T18:30:00.250", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://bugs.xine-project.org/show_bug.cgi?id=224" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/53288" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34593" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34712" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35416" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=673233" }, { "source": "cve@mitre.org", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/502481/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34384" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021989" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2009-005.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0937" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49714" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugs.xine-project.org/show_bug.cgi?id=224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/53288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34593" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=673233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/502481/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2009-005.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P, per the NVD record below)
Summary
Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * (all versions up to and including 1.1.15) | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 1 (rc0a) | |
xine | xine-lib | 1 (rc1) | |
xine | xine-lib | 1 (rc2) | |
xine | xine-lib | 1 (rc3) | |
xine | xine-lib | 1 (rc3a) | |
xine | xine-lib | 1 (rc3b) | |
xine | xine-lib | 1 (rc3c) | |
xine | xine-lib | 1 (rc4) | |
xine | xine-lib | 1 (rc4a) | |
xine | xine-lib | 1 (rc5) | |
xine | xine-lib | 1 (rc6a) | |
xine | xine-lib | 1 (rc7) | |
xine | xine-lib | 1 (rc8) | |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 | |
xine | xine-lib | 1.1.14 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_beta12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED", "versionEndIncluding": "1.1.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": 
"EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", 
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM)." }, { "lang": "es", "value": "Desbordamiento inferior de b\u00fafer en demux_qt.c en xine-lib 1.1.12, y otras 1.1.15 y versiones anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un archivo media manipulado que resulta en un valor peque\u00f1o de moov_atom_size en un MOV comprimido (tambi\u00e9n conocido como CMOV_ATOM)." 
} ], "id": "CVE-2008-5241", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-26T01:30:00.627", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31827" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4648" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/30797" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44656" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31827" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/30797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44656" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-03 10:02
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, per the NVD record below)
Summary
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:gxine:0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "1EB1CC9F-3531-47B8-8638-734BF697F235", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en el HTTP Plugin (xineplug_inp_http.so) para xine-lib 1.1.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una respuesta larga de un servidor HTTP, seg\u00fan lo demostrado usando gxine 0.5.6." 
} ], "id": "CVE-2006-2802", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-03T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20369" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20549" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20766" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20828" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20942" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21919" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200609-08.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1105" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:108" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25936" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18187" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26972" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/295-1/" }, { "source": "cve@mitre.org", "url": 
"https://www.exploit-db.com/exploits/1852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200609-08.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25936" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/295-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/1852" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-14 21:07
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, per the NVD record below)
Summary
Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A8D011-D000-4E99-B4F9-3C7EDCDF3166", "versionEndIncluding": "1.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and \"bad indexes\", a different vulnerability than CVE-2005-4048 and CVE-2006-2802." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en ffmpeg para xine-lib anterior a 1.1.2 podr\u00eda permitir a atacantes (locales o remotos dependiendo del contexto) ejecutar c\u00f3digo de su elecci\u00f3n mediante \"\u00edndices err\u00f3neos\" en un archivo AVI especialmente construido. Es una vulnerabilidad diferente a CVE-2005-4048 y CVE-2006-2802." 
} ], "id": "CVE-2006-4799", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-14T21:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22230" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23010" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23213" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-358-1" }, { "source": "cve@mitre.org", "url": "http://www.us.debian.org/security/2006/dsa-1215" }, { "source": "cve@mitre.org", "url": "http://xinehq.de/index.php/news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.ubuntu.com/usn/usn-358-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.us.debian.org/security/2006/dsa-1215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xinehq.de/index.php/news" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-11 21:46
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, per the NVD record below)
Summary
Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A3884A0-FDCE-4AB1-993E-835BD5897A61", "versionEndIncluding": "1.1.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de la pila din\u00e1mica (heap) en la funci\u00f3n rmff_dump_cont contenida en el fichero input/libreal/rmff.c de xine-lib 1.1.9, permite que atacantes remotos ejecuten c\u00f3digo arbitrario a trav\u00e9s del SDP (1) Title, (2) Author, o (3) el atributo Copyright, relacionado con la funci\u00f3n rmff_dump_header, vectores diferentes a la CVE-2008-0225. NOTA: se desconoce la procedencia de esta informaci\u00f3n; los detalles se han obtenido s\u00f3lamente de terceros." 
} ], "evaluatorSolution": "Please see the following link for more information regarding the exploit:\r\n\r\nhttp://aluigi.altervista.org/adv/xinermffhof-adv.txt", "id": "CVE-2008-0238", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-11T21:46:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=205197" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28384" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28674" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28955" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31393" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200801-12.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=205197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/28674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200801-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-635-1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * (all versions up to and including 1.1.14) | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_beta12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EA01448-09E3-4DA9-A817-BFD7A4460F66", "versionEndIncluding": "1.1.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": 
"EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", 
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file." 
}, { "lang": "es", "value": "xine-lib v1.1.12 y versiones anteriores a v1.1.15, no comprueba que pueda fallar malloc en circunstancias que incluyen (1) la funci\u00f3n mymng_process_header en demux_mng.c, (2) la funci\u00f3n open_mod_file en demux_mod.c y (3) frame_buffer allocation en la funci\u00f3n real_parse_audio_specific_data en demux_real.c; esto permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o puede que ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero multimedia manipulado." } ], "id": "CVE-2008-5233", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-26T01:30:00.467", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31827" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4648" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020703" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/47747" }, { "source": 
"cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30797" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44639" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44648" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44649" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1020703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/47747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44639" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
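Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N; this record carries no CVSS v3 metric)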
Summary
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23, allow remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine | 0.9.8 | |
xine | xine | 0.9.13 | |
xine | xine | 1_beta1 | |
xine | xine | 1_beta2 | |
xine | xine | 1_beta3 | |
xine | xine | 1_beta4 | |
xine | xine | 1_beta5 | |
xine | xine | 1_beta6 | |
xine | xine | 1_beta7 | |
xine | xine | 1_beta8 | |
xine | xine | 1_beta9 | |
xine | xine | 1_beta10 | |
xine | xine | 1_beta11 | |
xine | xine | 1_beta12 | |
xine | xine | 1_rc0a | |
xine | xine | 1_rc1 | |
xine | xine | 1_rc2 | |
xine | xine | 1_rc3 | |
xine | xine | 1_rc3a | |
xine | xine | 1_rc3b | |
xine | xine-lib | 1_rc2 | |
xine | xine-lib | 1_rc3a | |
xine | xine-lib | 1_rc3b | |
xine | xine-lib | 1_rc3c | |
xine | xine-ui | 0.9.21 | |
xine | xine-ui | 0.9.22 | |
xine | xine-ui | 0.9.23 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "BC5DCF4D-41B4-45D3-8F7C-6985A8B15888", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "BC260B04-C616-4A6A-9773-D535EA8A45AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "72DEB448-0F57-40FD-889E-6C8AC6920C95", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "DE750368-54FD-4CCD-AFF7-B26B3A4BA539", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "58476B06-9E48-4649-8761-B32FE01BA7C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "76CE8EF1-0578-4E12-A87D-832978ED484D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A0DF434D-3BE2-4BCF-A6FC-397475830FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "AFA95FC2-2082-4367-AD3D-0F876972E5A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "005EA1B5-7717-4CBD-9D21-249A5A497D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "19A33FCB-47FE-4F2E-9043-1F13805F0F13", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "AE1A9A53-860B-41CF-8BFD-4792775765E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "5246E535-1B8F-4BC1-AD1D-9BFA7BF28D52", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "C247EF56-6E67-41DA-8C49-C9310C42B8E7", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*", "matchCriteriaId": "D4E5CCDF-3472-4994-A47A-5A94D10F1C56", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "BAFC4559-D7E3-4C75-8B79-85A79067E261", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*", "matchCriteriaId": "99D8D224-15C4-4D15-9A04-4A1F3E1F63B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*", "matchCriteriaId": "F469DA5D-6020-4490-B671-2CEFB151C736", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*", "matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*", "matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*", "matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-ui:0.9.21:*:*:*:*:*:*:*", "matchCriteriaId": "61A8FD65-6A0E-4D76-BE81-002B9F3230E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-ui:0.9.22:*:*:*:*:*:*:*", "matchCriteriaId": "807BDB2A-2895-448D-B28D-D09AE58EA24C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-ui:0.9.23:*:*:*:*:*:*:*", "matchCriteriaId": "590D055B-1608-411A-AA04-4F0F43496BA4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xine 1.x alpha, 1.x beta, and 1.0rc through 
1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link." } ], "id": "CVE-2004-1951", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/11433" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://security.gentoo.org/glsa/glsa-200404-20.xml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/5594" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/5739" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/10193" }, { "source": "cve@mitre.org", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.xinehq.de/index.php/security/XSA-2004-1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.xinehq.de/index.php/security/XSA-2004-2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/11433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://security.gentoo.org/glsa/glsa-200404-20.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/5594" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/5739" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/10193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.xinehq.de/index.php/security/XSA-2004-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.xinehq.de/index.php/security/XSA-2004-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-05 12:00
Modified
2025-04-09 00:30
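Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; this record carries no CVSS v3 metric)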
Summary
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*", "matchCriteriaId": "9395B548-2F82-4543-A100-86B56A52B394", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow." }, { "lang": "es", "value": "Vulnerabilidad de \u00edndice de array en libmpdemux/demux_audio.c de MPlayer 1.0rc2 y SVN antes de r25917, y posiblemente versiones anteriores, como se utiliz\u00f3 en Xine-lib 1.1.10. Podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una etiqueta FLAC manipulada que provoca un desbordamiento de b\u00fafer." 
} ], "id": "CVE-2008-0486", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-02-05T12:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=209106" }, { "source": "cve@mitre.org", "url": "http://bugs.xine-project.org/show_bug.cgi?id=38" }, { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28779" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28801" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28918" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28955" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28956" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28989" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29141" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29307" }, { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29323" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29601" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31393" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200802-12.xml" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200803-16.xml" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3608" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=574735" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2103" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1496" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1536" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046" }, { "source": "cve@mitre.org", "url": "http://www.mplayerhq.hu/design7/news.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/487501/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27441" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0406/references" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0421" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431541" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html" }, { "source": "cve@mitre.org", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=209106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.xine-project.org/show_bug.cgi?id=38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31393" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200802-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200803-16.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=574735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mplayerhq.hu/design7/news.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/487501/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0406/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-24 22:44
Modified
2025-04-09 00:30
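Severity: MEDIUM (CVSS v2 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; this record carries no CVSS v3 metric)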
Summary
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de entero en xine-lib 1.1.11 y anteriores permiten a atacantes remotos disparar desbordamientos de b\u00fafer basados en mont\u00edculo y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) un archivo .FLV manipulado, que dispara un desbordamiento en demuxers/demux_flv.c; (2) un archivo .MOV manipulado, que dispara un desbordamiento en demuxers/demux_qt.c; (3) un archivo .RM manipulado, que dispara un desbordamiento en demuxers/demux_real.c; (4) un archivo .MVE manipulado, que dispara un desbordamiento en demuxers/demux_wvc3movie.c; (5) un archivo .MKV manipulado, que dispara un desbordamiento en demuxers/ebml.c; o (6) un archivo .CAK manipulado, que dispara un desbordamiento en demuxers/demux_film.c." 
} ], "id": "CVE-2008-1482", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-24T22:44:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://aluigi.altervista.org/adv/xinehof-adv.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://aluigi.org/poc/xinehof.zip" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29484" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29600" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29622" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29740" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29756" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30337" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31372" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31393" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3769" }, { "source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.441137" }, { "source": 
"cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1586" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489894/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/28370" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0981/references" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438663" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://aluigi.altervista.org/adv/xinehof-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://aluigi.org/poc/xinehof.zip" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29484" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29622" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30337" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.441137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489894/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/28370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0981/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" }, { "lang": "en", "value": 
"CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-08 18:05
Modified
2025-04-09 00:30
Severity
HIGH (CVSS v2 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C)
Summary
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * (up to and including 1.1.11.1) | |
xine | xine-lib | 0.9.8 | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 0.99 | |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xiph | speex | * (up to and including 1.1.12) | |
xiph | speex | 1.0.2 | |
xiph | speex | 1.0.3 | |
xiph | speex | 1.0.4 | |
xiph | speex | 1.0.5 | |
xiph | speex | 1.1.1 | |
xiph | speex | 1.1.2 | |
xiph | speex | 1.1.3 | |
xiph | speex | 1.1.4 | |
xiph | speex | 1.1.5 | |
xiph | speex | 1.1.6 | |
xiph | speex | 1.1.7 | |
xiph | speex | 1.1.8 | |
xiph | speex | 1.1.9 | |
xiph | speex | 1.1.10 | |
xiph | speex | 1.1.11 | |
xiph | speex | 1.1.11.1 | |
xiph | libfishsound | * (up to and including 0.9.0) | |
xiph | libfishsound | 0.5.41 | |
xiph | libfishsound | 0.5.42 | |
xiph | libfishsound | 0.6.0 | |
xiph | libfishsound | 0.6.1 | |
xiph | libfishsound | 0.6.2 | |
xiph | libfishsound | 0.6.3 | |
xiph | libfishsound | 0.7.0 | |
xiph | libfishsound | 0.8.0 | |
xiph | libfishsound | 0.8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "4432BC00-44D6-4ED9-B642-1BF8C81B6EAD", "versionEndIncluding": "1.1.11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { 
"cpeMatch": [ { "criteria": "cpe:2.3:a:xiph:speex:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C3B238B-BE7C-4912-A56A-95DE5051846E", "versionEndIncluding": "1.1.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "95BC5FA0-E710-42D4-8BF0-4D30BC44C833", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8789D167-6DF2-46B7-ABA2-717E141738BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B93DC9BF-7CA8-4729-9A3D-F1CB711E1D37", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "F04629EA-2BE2-42D5-9AC7-DDC7AB1818FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3873FDB9-80A9-4968-B0DC-84201AE1C78C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7339D59-8049-4172-BB68-134F9B50E896", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5D762BB7-7A35-4D2A-9EC7-A328197F1EAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46825B5B-B8A2-4FEB-991D-F2AE174A8C3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "0D3BC3CC-07AA-445F-8913-E1FABC60C2AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "9ACE9F82-E352-47C7-BA34-C97E4FB759FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4CFF577A-41DB-49B8-BA00-00650DA10DF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "9655A71E-C2E4-4003-BBA7-05BD29375621", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "3E545096-41AC-4DF0-92B4-747CC1F1FE0F", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:xiph:speex:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "08E27446-B68B-4213-9FD1-3C3A8941BA24", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8A0B0BC2-C155-460B-A8CB-0CF0C04896BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:speex:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BA06646-FCDF-427D-84B1-99D8C6889CC7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:xiph:libfishsound:*:*:*:*:*:*:*:*", "matchCriteriaId": "68C981F1-832E-46A5-99CB-ECC3B46D21DD", "versionEndIncluding": "0.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:libfishsound:0.5.41:*:*:*:*:*:*:*", "matchCriteriaId": "FE5D47C5-1171-4A95-82CC-DA965D893F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:libfishsound:0.5.42:*:*:*:*:*:*:*", "matchCriteriaId": "585368E9-36BB-45F6-A427-AF8578AA9347", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:libfishsound:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "72C4DD65-8354-40DE-B05F-6742A67C8BCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:libfishsound:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "55901750-2FB5-4C4E-A1C9-8204D16FEBC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:libfishsound:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "022A0430-895C-46EA-A0C6-BA7492443901", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:libfishsound:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "9CCA2B56-BB40-40AD-97F8-3AFCD2A66C1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:libfishsound:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "76C7D68C-FEA1-4DC6-9FC4-A32AF894472C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:libfishsound:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0B42ED6-243E-427D-86F3-46EEC0DF282D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xiph:libfishsound:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "30743A63-4AA4-4812-9026-04A8FC1308ED", "vulnerable": true } ], "negate": false, "operator": 
"OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer." }, { "lang": "es", "value": "Una vulnerabilidad de \u00edndice de matriz en Speex versi\u00f3n 1.1.12 y anteriores, tal y como es usado en libfishsound versi\u00f3n 0.9.0 y anteriores, incluyendo Illiminable DirectShow Filters y Annodex Plugins para Firefox, xine-lib versiones anteriores a 1.1.12, y muchos otros productos, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una estructura de encabezado que contiene un desplazamiento negativo, que se utiliza para desreferenciar un puntero de funci\u00f3n." } ], "id": "CVE-2008-1686", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-04-08T18:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "source": "cve@mitre.org", "url": 
"http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29672" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29727" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29835" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29845" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29854" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29866" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29878" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29880" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29881" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29882" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29898" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30104" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30117" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30119" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30337" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30353" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30358" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30581" }, { "source": 
"cve@mitre.org", "url": "http://secunia.com/advisories/30717" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31393" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-17.xml" }, { "source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=592185" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2008/dsa-1584" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2008/dsa-1585" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1586" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124" }, { "source": "cve@mitre.org", "url": "http://www.metadecks.org/software/sweep/news.html" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/advisories/ocert-2008-004.html" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/advisories/ocert-2008-2.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://www.securityfocus.com/bid/28665" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019875" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-611-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-611-2" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-611-3" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1187/references" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1228/references" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1268/references" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1269/references" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1300/references" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1301/references" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1302/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29845" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29878" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], 
"url": "http://secunia.com/advisories/30119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-17.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=592185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2008/dsa-1584" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2008/dsa-1585" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.metadecks.org/software/sweep/news.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/advisories/ocert-2008-004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/advisories/ocert-2008-2.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019875" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-611-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-611-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-611-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1187/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1228/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1268/references" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1269/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1300/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1301/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1302/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-07-18 16:41
Modified
2025-04-09 00:30
Severity ?
Summary
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * (up to and including 1.1.14) | |
xine | xine-lib | 0.9.8 | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 0.99 | |
xine | xine-lib | 1 | rc0a |
xine | xine-lib | 1 | rc1 |
xine | xine-lib | 1 | rc2 |
xine | xine-lib | 1 | rc3 |
xine | xine-lib | 1 | rc3a |
xine | xine-lib | 1 | rc3b |
xine | xine-lib | 1 | rc3c |
xine | xine-lib | 1 | rc4 |
xine | xine-lib | 1 | rc4a |
xine | xine-lib | 1 | rc5 |
xine | xine-lib | 1 | rc6a |
xine | xine-lib | 1 | rc7 |
xine | xine-lib | 1 | rc8 |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EA01448-09E3-4DA9-A817-BFD7A4460F66", "versionEndIncluding": "1.1.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": 
"91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine." 
}, { "lang": "es", "value": "xine-lib en versiones anteriores a 1.1.15, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de un archivo OGG dise\u00f1ado, como es demostrado al reproducir lol-ffplay.ogg con xine." } ], "id": "CVE-2008-3231", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-07-18T16:41:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31827" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/07/13/3" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/30699" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020703" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44040" }, { "source": "cve@mitre.org", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/07/13/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/30699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
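Severity: MEDIUM (CVSS v2.0 base score 5.1, vector AV:N/AC:H/Au:N/C:P/I:P/A:P, user interaction required; nvd@nist.gov Primary metric of CVE-2004-1455 in the record below)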
Summary
Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_rc2 | |
xine | xine-lib | 1_rc3a | |
xine | xine-lib | 1_rc3b | |
xine | xine-lib | 1_rc3c | |
xine | xine-lib | 1_rc4 | |
xine | xine-lib | 1_rc5 | |
xine | xine-lib | 1_rc5_r2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*", "matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*", 
"matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*", "matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc5_r2:*:*:*:*:*:*:*", "matchCriteriaId": "B7CE4165-ED54-4AFC-A584-C145A96819D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL." } ], "id": "CVE-2004-1455", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109284737628045\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://open-security.org/advisories/6" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/12194/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200408-18.xml" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/10890" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16930" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109284737628045\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://open-security.org/advisories/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12194/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-18.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/10890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16930" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2025-04-03 01:03
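Severity: HIGH (CVSS v2.0 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C, no user interaction required; nvd@nist.gov Primary metric of CVE-2004-0433 in the record below)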
Summary
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mplayer | mplayer | 1.0_pre3try2 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_rc2 | |
xine | xine-lib | 1_rc3a | |
xine | xine-lib | 1_rc3b | |
xine | xine-lib | 1_rc3c |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*", "matchCriteriaId": "4E74EBC5-296E-4B20-8BCB-F104D06595AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*", 
"matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*", "matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*", "matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en cliente Real-Time Streaming Protocol (RTSP) de (1) MPlayer anteriores a 1.0pre4 y (2) xine lib (xine-lib) anteriores a 1-rc4, cuando reproduce secuencias Real RTSP (realrtsp), que permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante (a) URLs largas, (b) respuestas de servidor Real largas, o (c) paquetes de transporte de datos Real (RDT) largos." 
} ], "id": "CVE-2004-0433", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200405-24.xml" }, { "source": "cve@mitre.org", "url": "http://www.xinehq.de/index.php/security/XSA-2004-3" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200405-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xinehq.de/index.php/security/XSA-2004-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16019" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
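Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P, user interaction required; nvd@nist.gov Primary metric of CVE-2008-5248 in the record below)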
Summary
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
References
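Impacted products (the `*` row is bounded in the configuration below by versionEndIncluding 1.1.15, which also matches 1.1.15 itself, while the summary says the issue affects versions before 1.1.15; a scanner matching on the CPE range alone would therefore also flag 1.1.15)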
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 | |
xine | xine-lib | 1.1.14 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_beta12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED", "versionEndIncluding": "1.1.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": 
"EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", 
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via \"MP3 files with metadata consisting only of separators.\"" }, { "lang": "es", "value": "xine-lib anterior a 1.1.15 permite a atacantes remotos causar una denegaci\u00f3n de servicio(ca\u00edda)a trav\u00e9s de \"archivos MP3 con metadatos que consisten \u00fanicamente de separadores.\"" } ], "id": "CVE-2008-5248", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, 
"exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-26T01:30:00.750", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32505" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * (up to and including 1.1.15, per versionEndIncluding in the configuration below) | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1 | |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 | |
xine | xine-lib | 1.1.14 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_beta12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED", "versionEndIncluding": "1.1.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": 
"EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", 
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file." }, { "lang": "es", "value": "demux_qt.c de xine-lib v1.1.12, y otra v1.1.15 y versiones anteriores, no valida el campo contador antes de hacer una llamada calloc para una asignaci\u00f3n atom de STSD_ATOM. Esto permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o puede que ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero multimedia manipulado." 
} ], "id": "CVE-2008-5242", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-26T01:30:00.640", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31827" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4648" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/30797" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44657" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4648" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/30797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2 base score 9.3)
Summary
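xine-lib before 1.1.15 preallocates V4L video frames before determining the required length. The impact and attack vectors are unknown, but the issue is possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c. The record below nevertheless scores it 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C); with the impact stated as unknown, that score appears to be a worst-case rating rather than a demonstrated outcome, which is worth keeping in mind when prioritising.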
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | * (up to and including 1.1.14) | |
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 1 | rc0a |
xine | xine-lib | 1 | rc1 |
xine | xine-lib | 1 | rc2 |
xine | xine-lib | 1 | rc3 |
xine | xine-lib | 1 | rc3a |
xine | xine-lib | 1 | rc3b |
xine | xine-lib | 1 | rc3c |
xine | xine-lib | 1 | rc4 |
xine | xine-lib | 1 | rc4a |
xine | xine-lib | 1 | rc5 |
xine | xine-lib | 1 | rc6a |
xine | xine-lib | 1 | rc7 |
xine | xine-lib | 1 | rc8 |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_beta12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EA01448-09E3-4DA9-A817-BFD7A4460F66", "versionEndIncluding": "1.1.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": 
"EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", 
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c." }, { "lang": "es", "value": "xine-lib anterior a 1.1.15 realiza marcos de video V4L preasignados antes del establecimiento de la longitud requerida, la cu\u00e1l tiene un impacto y vectores de ataque desconocidos, posiblemente relacionado con un desbordamiento de b\u00fafer en la funci\u00f3n open_video_capture_device en src/input/input_v4l.c." 
} ], "id": "CVE-2008-5245", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-26T01:30:00.687", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31502" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020703" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30698" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1020703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44470" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" }, { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 4.3)
Summary
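xine-lib 1.1.12, and other versions up to and including 1.1.15, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows. Two points for triage: the product list in this record stops at 1.1.13 and carries no version range, so CPE-based matching will not flag 1.1.14 or 1.1.15 even though the description covers them; and the CVSS v2 vector (AV:N/AC:M/Au:N/C:N/I:N/A:P, 4.3) scores availability impact only, not the possible code execution the description mentions.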
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xine | xine-lib | 0.9.13 | |
xine | xine-lib | 1 | rc0a |
xine | xine-lib | 1 | rc1 |
xine | xine-lib | 1 | rc2 |
xine | xine-lib | 1 | rc3 |
xine | xine-lib | 1 | rc3a |
xine | xine-lib | 1 | rc3b |
xine | xine-lib | 1 | rc3c |
xine | xine-lib | 1 | rc4 |
xine | xine-lib | 1 | rc4a |
xine | xine-lib | 1 | rc5 |
xine | xine-lib | 1 | rc6a |
xine | xine-lib | 1 | rc7 |
xine | xine-lib | 1 | rc8 |
xine | xine-lib | 1.0 | |
xine | xine-lib | 1.0.1 | |
xine | xine-lib | 1.0.2 | |
xine | xine-lib | 1.0.3a | |
xine | xine-lib | 1.1.0 | |
xine | xine-lib | 1.1.1 | |
xine | xine-lib | 1.1.2 | |
xine | xine-lib | 1.1.3 | |
xine | xine-lib | 1.1.4 | |
xine | xine-lib | 1.1.5 | |
xine | xine-lib | 1.1.6 | |
xine | xine-lib | 1.1.7 | |
xine | xine-lib | 1.1.8 | |
xine | xine-lib | 1.1.9 | |
xine | xine-lib | 1.1.9.1 | |
xine | xine-lib | 1.1.10 | |
xine | xine-lib | 1.1.10.1 | |
xine | xine-lib | 1.1.11 | |
xine | xine-lib | 1.1.11.1 | |
xine | xine-lib | 1.1.12 | |
xine | xine-lib | 1.1.13 | |
xine | xine-lib | 1_beta1 | |
xine | xine-lib | 1_beta2 | |
xine | xine-lib | 1_beta3 | |
xine | xine-lib | 1_beta4 | |
xine | xine-lib | 1_beta5 | |
xine | xine-lib | 1_beta6 | |
xine | xine-lib | 1_beta7 | |
xine | xine-lib | 1_beta8 | |
xine | xine-lib | 1_beta9 | |
xine | xine-lib | 1_beta10 | |
xine | xine-lib | 1_beta11 | |
xine | xine-lib | 1_beta12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*", "matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*", "matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*", "matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*", "matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*", "matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*", "matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*", "matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*", "matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*", "matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*", "matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*", "matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*", "matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*", "matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*", "matchCriteriaId": 
"1C39D002-E323-423D-8895-9179DFDF6535", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows." }, { "lang": "es", "value": "xine-lib v1.1.12 y otra v1.1.15 y versiones anteriores; no maneja adecuadamente los valores (a) negative y (b) zero durante las llamadas no especificadas a la funci\u00f3n read en file.c, input_net.c, input_smb.c e input_http.c. Esto permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o puede que ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores como (1) un fichero o (2) una respuesta HTTP, esto provoca consecuencias como lecturas fuera de rango y desbordamientos de b\u00fafer basados en pila." 
} ], "id": "CVE-2008-5239", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-26T01:30:00.577", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31827" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33544" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4648" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/30797" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44651" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/30797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2004-1379 (GCVE-0-2004-1379)
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:46:12.604Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "xine-dvd-subpicture-bo(17423)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423" }, { "name": "SSA:2004-266", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xinehq.de/index.php/security/XSA-2004-5" }, { "name": "DSA-657", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-657" }, { "name": "11205", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11205" }, { "name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0" }, { "name": "GLSA-200409-30", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "xine-dvd-subpicture-bo(17423)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423" }, { "name": "SSA:2004-266", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xinehq.de/index.php/security/XSA-2004-5" }, { "name": "DSA-657", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-657" }, { "name": "11205", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11205" }, { "name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0" }, { "name": "GLSA-200409-30", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1379", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to 
execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "xine-dvd-subpicture-bo(17423)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423" }, { "name": "SSA:2004-266", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308" }, { "name": "http://xinehq.de/index.php/security/XSA-2004-5", "refsource": "CONFIRM", "url": "http://xinehq.de/index.php/security/XSA-2004-5" }, { "name": "DSA-657", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-657" }, { "name": "11205", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11205" }, { "name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0" }, { "name": "GLSA-200409-30", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" }, { "name": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html", "refsource": "CONFIRM", "url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1379", "datePublished": "2005-01-19T05:00:00", "dateReserved": "2005-01-19T00:00:00", "dateUpdated": "2024-08-08T00:46:12.604Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5247 (GCVE-0-2008-5247)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.010Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30797" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of 
service (divide-by-zero error and crash) via a zero value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30797" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5247", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The real_parse_audio_specific_data 
function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30797" }, { "name": "http://www.ocert.org/analysis/2008-008/analysis.txt", "refsource": "MISC", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "FEDORA-2008-7512", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5247", "datePublished": "2008-11-26T01:00:00", "dateReserved": "2008-11-25T00:00:00", "dateUpdated": "2024-08-07T10:49:12.010Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4799 (GCVE-0-2006-4799)
Vulnerability from cvelistv5
Published
2006-09-14 21:00
Modified
2024-08-07 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200609-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml" }, { "name": "SUSE-SA:2006:073", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html" }, { "name": "22230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22230" }, { "name": "23010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23010" }, { "name": "USN-358-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-358-1" }, { "name": "23213", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23213" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xinehq.de/index.php/news" }, { "name": "DSA-1215", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.us.debian.org/security/2006/dsa-1215" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and \"bad indexes\", a different vulnerability than CVE-2005-4048 and CVE-2006-2802." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-10-10T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200609-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml" }, { "name": "SUSE-SA:2006:073", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html" }, { "name": "22230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22230" }, { "name": "23010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23010" }, { "name": "USN-358-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-358-1" }, { "name": "23213", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23213" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xinehq.de/index.php/news" }, { "name": "DSA-1215", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.us.debian.org/security/2006/dsa-1215" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4799", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and \"bad indexes\", a different vulnerability than CVE-2005-4048 and CVE-2006-2802." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200609-09", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml" }, { "name": "SUSE-SA:2006:073", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html" }, { "name": "22230", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22230" }, { "name": "23010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23010" }, { "name": "USN-358-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-358-1" }, { "name": "23213", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23213" }, { "name": "http://xinehq.de/index.php/news", "refsource": "CONFIRM", "url": "http://xinehq.de/index.php/news" }, { "name": "DSA-1215", "refsource": "DEBIAN", "url": "http://www.us.debian.org/security/2006/dsa-1215" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4799", "datePublished": "2006-09-14T21:00:00", "dateReserved": "2006-09-14T00:00:00", "dateUpdated": "2024-08-07T19:23:41.126Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1482 (GCVE-0-2008-1482)
Vulnerability from cvelistv5
Published
2008-03-24 22:00
Modified
2024-08-07 08:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:24:42.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2008-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0981/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438663" }, { "name": "29622", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29622" }, { "name": "GLSA-200808-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "name": "SUSE-SR:2008:008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" }, { "name": "3769", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3769" }, { "name": "DSA-1586", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1586" }, { "name": "FEDORA-2008-2945", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "name": "29484", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29484" }, { "name": "29756", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29756" }, { "name": "29600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29600" }, { "name": "29740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/29740" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31393" }, { "name": "MDVSA-2008:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.org/poc/xinehof.zip" }, { "name": "xinelib-multiple-bo(41350)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350" }, { "name": "FEDORA-2008-2849", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html" }, { "name": "SSA:2008-092-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.441137" }, { "name": "28370", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28370" }, { "name": "20080320 Multiple heap overflows in xine-lib 1.1.11", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489894/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.altervista.org/adv/xinehof-adv.txt" }, { "name": "31372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31372" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30337", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30337" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": 
"n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2008-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0981/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438663" }, { "name": "29622", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29622" }, { "name": "GLSA-200808-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "name": "SUSE-SR:2008:008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" }, { "name": "3769", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3769" }, { "name": "DSA-1586", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1586" }, 
{ "name": "FEDORA-2008-2945", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "name": "29484", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29484" }, { "name": "29756", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29756" }, { "name": "29600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29600" }, { "name": "29740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29740" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31393" }, { "name": "MDVSA-2008:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.org/poc/xinehof.zip" }, { "name": "xinelib-multiple-bo(41350)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350" }, { "name": "FEDORA-2008-2849", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html" }, { "name": "SSA:2008-092-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.441137" }, { "name": "28370", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28370" }, { "name": "20080320 Multiple heap overflows in xine-lib 1.1.11", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489894/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.altervista.org/adv/xinehof-adv.txt" }, { "name": "31372", 
"tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31372" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30337", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30337" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1482", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2008-0981", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0981/references" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=438663", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438663" }, { "name": "29622", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29622" }, { "name": "GLSA-200808-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "name": "SUSE-SR:2008:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" }, { "name": "3769", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3769" }, { "name": "DSA-1586", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1586" }, { "name": "FEDORA-2008-2945", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "name": "29484", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29484" }, { "name": "29756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29756" }, { "name": "29600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29600" }, { "name": "29740", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29740" }, { "name": "31393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31393" }, { "name": "MDVSA-2008:178", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "name": "http://aluigi.org/poc/xinehof.zip", "refsource": "MISC", "url": "http://aluigi.org/poc/xinehof.zip" }, { "name": "xinelib-multiple-bo(41350)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350" }, { "name": "FEDORA-2008-2849", "refsource": "FEDORA", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html" }, { "name": "SSA:2008-092-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.441137" }, { "name": "28370", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28370" }, { "name": "20080320 Multiple heap overflows in xine-lib 1.1.11", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489894/100/0/threaded" }, { "name": "http://aluigi.altervista.org/adv/xinehof-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/xinehof-adv.txt" }, { "name": "31372", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31372" }, { "name": "USN-635-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30337", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30337" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1482", "datePublished": "2008-03-24T22:00:00", "dateReserved": "2008-03-24T00:00:00", "dateUpdated": "2024-08-07T08:24:42.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3231 (GCVE-0-2008-3231)
Vulnerability from cvelistv5
Published
2008-07-18 16:00
Modified
2024-08-07 09:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "xine-ogg-dos(44040)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44040" }, { "name": "[oss-security] 20080713 CVE requests: crashers by zzuf", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/07/13/3" }, { "name": "1020703", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020703" }, { "name": "30699", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30699" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "ADV-2008-2382", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], 
"title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "xine-ogg-dos(44040)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44040" }, { "name": "[oss-security] 20080713 CVE requests: crashers by zzuf", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/07/13/3" }, { "name": "1020703", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020703" }, { "name": "30699", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30699" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "ADV-2008-2382", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { 
"name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3231", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "xine-ogg-dos(44040)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44040" }, { "name": "[oss-security] 20080713 CVE requests: crashers by zzuf", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/07/13/3" }, { "name": "1020703", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020703" }, { "name": "30699", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30699" }, { "name": "31827", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "ADV-2008-2382", "refsource": "VUPEN", "url": 
"http://www.vupen.com/english/advisories/2008/2382" }, { "name": "MDVSA-2009:020", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2008-7512", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=619869", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3231", "datePublished": "2008-07-18T16:00:00", "dateReserved": "2008-07-18T00:00:00", "dateUpdated": "2024-08-07T09:28:41.820Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1951 (GCVE-0-2004-1951)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:49.295Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11433", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11433" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xinehq.de/index.php/security/XSA-2004-1" }, { "name": "10193", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10193" }, { "name": "xine-mrl-file-overwrite(15939)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939" }, { "name": "SSA:2004-111", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xinehq.de/index.php/security/XSA-2004-2" }, { "name": "GLSA-200404-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200404-20.xml" }, { "name": "5739", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/5739" }, { "name": "5594", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/5594" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11433", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11433" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xinehq.de/index.php/security/XSA-2004-1" }, { "name": "10193", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10193" }, { "name": "xine-mrl-file-overwrite(15939)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939" }, { "name": "SSA:2004-111", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xinehq.de/index.php/security/XSA-2004-2" }, { "name": "GLSA-200404-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200404-20.xml" }, { "name": "5739", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/5739" }, { "name": "5594", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/5594" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1951", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) 
audio.sun_audio_device or (2) dxr3.devicename options in an MRL link." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11433", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11433" }, { "name": "http://www.xinehq.de/index.php/security/XSA-2004-1", "refsource": "CONFIRM", "url": "http://www.xinehq.de/index.php/security/XSA-2004-1" }, { "name": "10193", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10193" }, { "name": "xine-mrl-file-overwrite(15939)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939" }, { "name": "SSA:2004-111", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791" }, { "name": "http://www.xinehq.de/index.php/security/XSA-2004-2", "refsource": "CONFIRM", "url": "http://www.xinehq.de/index.php/security/XSA-2004-2" }, { "name": "GLSA-200404-20", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200404-20.xml" }, { "name": "5739", "refsource": "OSVDB", "url": "http://www.osvdb.org/5739" }, { "name": "5594", "refsource": "OSVDB", "url": "http://www.osvdb.org/5594" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1951", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:49.295Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0433 (GCVE-0-2004-0433)
Vulnerability from cvelistv5
Published
2004-05-05 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:17:14.940Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mplayer-rtsp-rdt-bo(16019)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16019" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xinehq.de/index.php/security/XSA-2004-3" }, { "name": "GLSA-200405-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200405-24.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mplayer-rtsp-rdt-bo(16019)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16019" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xinehq.de/index.php/security/XSA-2004-3" }, { "name": "GLSA-200405-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200405-24.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0433", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mplayer-rtsp-rdt-bo(16019)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16019" }, { "name": "http://www.xinehq.de/index.php/security/XSA-2004-3", "refsource": "CONFIRM", "url": "http://www.xinehq.de/index.php/security/XSA-2004-3" }, { "name": "GLSA-200405-24", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200405-24.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0433", "datePublished": "2004-05-05T04:00:00", "dateReserved": "2004-05-03T00:00:00", "dateUpdated": "2024-08-08T00:17:14.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1686 (GCVE-0-2008-1686)
Vulnerability from cvelistv5
Published
2008-04-08 18:00
Modified
2024-08-07 08:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:32:01.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-611-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-611-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=592185" }, { "name": "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded" }, { "name": "ADV-2008-1302", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1302/references" }, { "name": "MDVSA-2008:124", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124" }, { "name": "1019875", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019875" }, { "name": "29878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29878" }, { "name": "29898", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29898" }, { "name": "FEDORA-2008-3103", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html" }, { "name": "ADV-2008-1269", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1269/references" }, { "name": "29866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29866" }, { "name": "DSA-1586", "tags": [ 
"vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1586" }, { "name": "30117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30117" }, { "name": "[Speex-dev] 20080406 libfishsound 0.9.1 Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html" }, { "name": "30104", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30104" }, { "name": "ADV-2008-1300", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1300/references" }, { "name": "29727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29727" }, { "name": "ADV-2008-1301", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1301/references" }, { "name": "USN-611-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-611-3" }, { "name": "29672", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29672" }, { "name": "SUSE-SR:2008:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "name": "DSA-1585", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1585" }, { "name": "MDVSA-2008:092", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092" }, { "name": "30353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/30353" }, { "name": "fishsound-libfishsound-speex-bo(41684)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684" }, { "name": "29835", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29835" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655" }, { "name": "29880", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29880" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31393" }, { "name": "oval:org.mitre.oval:def:10026", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/advisories/ocert-2008-2.html" }, { "name": "ADV-2008-1228", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1228/references" }, { "name": "DSA-1584", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1584" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/advisories/ocert-2008-004.html" }, { "name": "ADV-2008-1268", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1268/references" }, { "name": "29845", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29845" }, { 
"name": "USN-611-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-611-2" }, { "name": "RHSA-2008:0235", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html" }, { "name": "30358", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30358" }, { "name": "29854", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29854" }, { "name": "SSA:2008-111-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836" }, { "name": "ADV-2008-1187", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1187/references" }, { "name": "MDVSA-2008:094", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094" }, { "name": "29881", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29881" }, { "name": "MDVSA-2008:093", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093" }, { "name": "GLSA-200804-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-17.xml" }, { "name": "30119", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30119" }, { "name": "28665", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28665" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://www.metadecks.org/software/sweep/news.html" }, { "name": "FEDORA-2008-3191", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html" }, { "name": "FEDORA-2008-3059", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html" }, { "name": "29882", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29882" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30337", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30337" }, { "name": "30581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30581" }, { "name": "SUSE-SR:2008:013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html" }, { "name": "30717", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-611-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-611-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=592185" }, { "name": "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded" }, { "name": "ADV-2008-1302", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1302/references" }, { "name": "MDVSA-2008:124", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124" }, { "name": "1019875", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019875" }, { "name": "29878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29878" }, { "name": "29898", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29898" }, { "name": "FEDORA-2008-3103", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html" }, { "name": "ADV-2008-1269", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1269/references" }, { "name": "29866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29866" }, { "name": "DSA-1586", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1586" }, { "name": "30117", "tags": 
[ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30117" }, { "name": "[Speex-dev] 20080406 libfishsound 0.9.1 Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html" }, { "name": "30104", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30104" }, { "name": "ADV-2008-1300", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1300/references" }, { "name": "29727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29727" }, { "name": "ADV-2008-1301", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1301/references" }, { "name": "USN-611-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-611-3" }, { "name": "29672", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29672" }, { "name": "SUSE-SR:2008:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "name": "DSA-1585", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1585" }, { "name": "MDVSA-2008:092", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092" }, { "name": "30353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30353" }, { "name": "fishsound-libfishsound-speex-bo(41684)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684" }, { "name": "29835", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29835" }, { "tags": [ "x_refsource_CONFIRM" ], 
"url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655" }, { "name": "29880", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29880" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31393" }, { "name": "oval:org.mitre.oval:def:10026", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/advisories/ocert-2008-2.html" }, { "name": "ADV-2008-1228", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1228/references" }, { "name": "DSA-1584", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1584" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/advisories/ocert-2008-004.html" }, { "name": "ADV-2008-1268", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1268/references" }, { "name": "29845", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29845" }, { "name": "USN-611-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-611-2" }, { "name": "RHSA-2008:0235", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html" }, { "name": "30358", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30358" }, { "name": "29854", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29854" }, { "name": "SSA:2008-111-01", "tags": [ "vendor-advisory", 
"x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836" }, { "name": "ADV-2008-1187", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1187/references" }, { "name": "MDVSA-2008:094", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094" }, { "name": "29881", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29881" }, { "name": "MDVSA-2008:093", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093" }, { "name": "GLSA-200804-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-17.xml" }, { "name": "30119", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30119" }, { "name": "28665", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28665" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.metadecks.org/software/sweep/news.html" }, { "name": "FEDORA-2008-3191", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html" }, { "name": "FEDORA-2008-3059", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html" }, { "name": "29882", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29882" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30337", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30337" }, { "name": "30581", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30581" }, { "name": "SUSE-SR:2008:013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html" }, { "name": "30717", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30717" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1686", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-611-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-611-1" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=592185", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=592185" }, { "name": "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded" }, { "name": "ADV-2008-1302", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1302/references" }, { "name": "MDVSA-2008:124", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124" }, { "name": "1019875", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019875" }, { "name": "29878", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29878" }, { "name": "29898", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29898" }, { "name": "FEDORA-2008-3103", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html" }, { "name": "ADV-2008-1269", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1269/references" }, { "name": "29866", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29866" }, { "name": "DSA-1586", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1586" }, { "name": "30117", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30117" }, { "name": "[Speex-dev] 20080406 libfishsound 0.9.1 Release", "refsource": "MLIST", "url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html" }, { "name": "30104", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30104" }, { "name": "ADV-2008-1300", "refsource": "VUPEN", "url": 
"http://www.vupen.com/english/advisories/2008/1300/references" }, { "name": "29727", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29727" }, { "name": "ADV-2008-1301", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1301/references" }, { "name": "USN-611-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-611-3" }, { "name": "29672", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29672" }, { "name": "SUSE-SR:2008:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "name": "DSA-1585", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1585" }, { "name": "MDVSA-2008:092", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092" }, { "name": "30353", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30353" }, { "name": "fishsound-libfishsound-speex-bo(41684)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684" }, { "name": "29835", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29835" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655" }, { "name": "29880", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29880" }, { "name": "http://blog.kfish.org/2008/04/release-libfishsound-091.html", "refsource": "CONFIRM", "url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html" }, { "name": "31393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31393" }, { "name": "oval:org.mitre.oval:def:10026", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026" }, { "name": "http://www.ocert.org/advisories/ocert-2008-2.html", "refsource": "MISC", "url": 
"http://www.ocert.org/advisories/ocert-2008-2.html" }, { "name": "ADV-2008-1228", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1228/references" }, { "name": "DSA-1584", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1584" }, { "name": "http://www.ocert.org/advisories/ocert-2008-004.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2008-004.html" }, { "name": "ADV-2008-1268", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1268/references" }, { "name": "29845", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29845" }, { "name": "USN-611-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-611-2" }, { "name": "RHSA-2008:0235", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html" }, { "name": "30358", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30358" }, { "name": "29854", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29854" }, { "name": "SSA:2008-111-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836" }, { "name": "ADV-2008-1187", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1187/references" }, { "name": "MDVSA-2008:094", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094" }, { "name": "29881", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29881" }, { "name": "MDVSA-2008:093", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093" }, { "name": "GLSA-200804-17", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-17.xml" }, { "name": "30119", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30119" }, { "name": "28665", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28665" }, { "name": 
"http://www.metadecks.org/software/sweep/news.html", "refsource": "CONFIRM", "url": "http://www.metadecks.org/software/sweep/news.html" }, { "name": "FEDORA-2008-3191", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html" }, { "name": "FEDORA-2008-3059", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html" }, { "name": "29882", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29882" }, { "name": "USN-635-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30337", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30337" }, { "name": "30581", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30581" }, { "name": "SUSE-SR:2008:013", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html" }, { "name": "30717", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30717" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1686", "datePublished": "2008-04-08T18:00:00", "dateReserved": "2008-04-06T00:00:00", "dateUpdated": "2024-08-07T08:32:01.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5248 (GCVE-0-2008-5248)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
CWE
- n/a
Summary
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "32505", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32505" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "MDVSA-2009:298", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via \"MP3 files with metadata consisting only of separators.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-12-03T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "32505", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32505" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "MDVSA-2009:298", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" 
} ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5248", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via \"MP3 files with metadata consisting only of separators.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "32505", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32505" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "MDVSA-2009:298", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=619869", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5248", "datePublished": "2008-11-26T01:00:00", "dateReserved": "2008-11-25T00:00:00", "dateUpdated": "2024-08-07T10:49:12.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2200 (GCVE-0-2006-2200)
Vulnerability from cvelistv5
Published
2006-06-27 19:00
Modified
2024-08-07 17:43
CWE
- n/a
Summary
Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:43:28.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23512", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23512" }, { "name": "USN-315-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-315-1" }, { "name": "ADV-2006-2487", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2487" }, { "name": "21036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21036" }, { "name": "MDKSA-2006:117", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:117" }, { "name": "SSA:2006-357-05", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.433842" }, { "name": "USN-309-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-309-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=468432" }, { "name": "MDKSA-2006:121", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:121" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577" }, { "name": "18608", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18608" }, { "name": "20749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20749" }, 
{ "name": "21023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21023" }, { "name": "23218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23218" }, { "name": "21139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21139" }, { "name": "20964", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20964" }, { "name": "20948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20948" }, { "name": "GLSA-200607-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200607-07.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-07-11T09:00:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "23512", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23512" }, { "name": "USN-315-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-315-1" }, { "name": "ADV-2006-2487", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2487" }, { "name": "21036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21036" }, { "name": "MDKSA-2006:117", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:117" }, { "name": "SSA:2006-357-05", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.433842" }, { "name": "USN-309-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-309-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=468432" }, { "name": "MDKSA-2006:121", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:121" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577" }, { "name": "18608", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18608" }, { "name": "20749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20749" }, { "name": "21023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21023" }, { 
"name": "23218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23218" }, { "name": "21139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21139" }, { "name": "20964", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20964" }, { "name": "20948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20948" }, { "name": "GLSA-200607-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200607-07.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2006-2200", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23512", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23512" }, { "name": "USN-315-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-315-1" }, { "name": "ADV-2006-2487", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2487" }, { "name": "21036", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21036" }, { "name": "MDKSA-2006:117", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:117" }, { "name": "SSA:2006-357-05", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.433842" }, { "name": "USN-309-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-309-1" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=468432", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=468432" }, { "name": "MDKSA-2006:121", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:121" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577" }, { "name": "18608", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18608" }, { "name": "20749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20749" }, { "name": "21023", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21023" }, { "name": "23218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23218" }, { "name": "21139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21139" }, { "name": "20964", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20964" }, { "name": "20948", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/20948" }, { "name": "GLSA-200607-07", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200607-07.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2006-2200", "datePublished": "2006-06-27T19:00:00", "dateReserved": "2006-05-04T00:00:00", "dateUpdated": "2024-08-07T17:43:28.256Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1878 (GCVE-0-2008-1878)
Vulnerability from cvelistv5
Published
2008-04-17 22:00
Modified
2024-08-07 08:41
CWE
- n/a
Summary
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:41:00.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2008-3326", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00536.html" }, { "name": "GLSA-200808-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "name": "FEDORA-2008-3353", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00571.html" }, { "name": "ADV-2008-1247", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1247/references" }, { "name": "DSA-1586", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1586" }, { "name": "30021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30021" }, { "name": "29850", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29850" }, { "name": "MDVSA-2008:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:177" }, { "name": "5458", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5458" }, { "name": "SUSE-SR:2008:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "name": "xinelib-demuxnsfsendchunk-bo(41865)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/41865" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31393" }, { "name": "MDVSA-2008:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "name": "28816", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28816" }, { "name": "31372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31372" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30337", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30337" }, { "name": "30581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30581" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2008-3326", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00536.html" }, { "name": "GLSA-200808-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "name": "FEDORA-2008-3353", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00571.html" }, { "name": "ADV-2008-1247", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1247/references" }, { "name": "DSA-1586", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1586" }, { "name": "30021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30021" }, { "name": "29850", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29850" }, { "name": "MDVSA-2008:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:177" }, { "name": "5458", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5458" }, { "name": "SUSE-SR:2008:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "name": "xinelib-demuxnsfsendchunk-bo(41865)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41865" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/31393" }, { "name": "MDVSA-2008:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "name": "28816", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28816" }, { "name": "31372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31372" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30337", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30337" }, { "name": "30581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30581" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1878", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2008-3326", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00536.html" }, { "name": "GLSA-200808-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "name": "FEDORA-2008-3353", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00571.html" }, { "name": "ADV-2008-1247", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1247/references" }, { "name": "DSA-1586", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1586" }, { "name": "30021", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30021" }, { "name": "29850", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29850" }, { "name": "MDVSA-2008:177", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:177" }, { "name": "5458", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5458" }, { "name": "SUSE-SR:2008:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "name": "xinelib-demuxnsfsendchunk-bo(41865)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41865" }, { "name": "31393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31393" }, { "name": "MDVSA-2008:178", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "name": "28816", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28816" }, { "name": "31372", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31372" }, { "name": "USN-635-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30337", "refsource": "SECUNIA", 
"url": "http://secunia.com/advisories/30337" }, { "name": "30581", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30581" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1878", "datePublished": "2008-04-17T22:00:00", "dateReserved": "2008-04-17T00:00:00", "dateUpdated": "2024-08-07T08:41:00.200Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2967 (GCVE-0-2005-2967)
Vulnerability from cvelistv5
Published: 2005-10-14 04:00
Modified: 2024-08-07 22:53
CWE
- n/a
Summary
Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:29.731Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "15044", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15044" }, { "name": "17132", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17132" }, { "name": "MDKSA-2005:180", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180" }, { "name": "17282", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17282" }, { "name": "17097", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17097" }, { "name": "19892", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/19892" }, { "name": "SSA:2005-283-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.415454" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xinehq.de/index.php/security/XSA-2005-1" }, { "name": "DSA-863", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-863" }, { "name": "20051008 xine/gxine CD Player Remote Format String Bug", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html" }, { "name": "SUSE-SR:2005:024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "name": "17111", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred" ], "url": "http://secunia.com/advisories/17111" }, { "name": "GLSA-200510-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml" }, { "name": "USN-196-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-196-1" }, { "name": "17179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17179" }, { "name": "17162", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17162" }, { "name": "17099", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17099/" }, { "name": "xinelib-inputcdda-format-string(22545)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "15044", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15044" }, { "name": "17132", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17132" }, { "name": "MDKSA-2005:180", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180" }, { "name": "17282", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17282" }, { "name": "17097", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17097" }, { "name": "19892", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/19892" }, { "name": "SSA:2005-283-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.415454" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xinehq.de/index.php/security/XSA-2005-1" }, { "name": "DSA-863", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-863" }, { "name": "20051008 xine/gxine CD Player Remote Format String Bug", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html" }, { "name": "SUSE-SR:2005:024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "name": "17111", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17111" }, { "name": "GLSA-200510-08", "tags": [ "vendor-advisory", 
"x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml" }, { "name": "USN-196-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-196-1" }, { "name": "17179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17179" }, { "name": "17162", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17162" }, { "name": "17099", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17099/" }, { "name": "xinelib-inputcdda-format-string(22545)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2005-2967", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "15044", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15044" }, { "name": "17132", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17132" }, { "name": "MDKSA-2005:180", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180" }, { "name": "17282", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17282" }, { "name": "17097", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17097" }, { "name": "19892", "refsource": "OSVDB", "url": "http://www.osvdb.org/19892" }, { "name": "SSA:2005-283-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.415454" }, { "name": "http://xinehq.de/index.php/security/XSA-2005-1", "refsource": "CONFIRM", "url": "http://xinehq.de/index.php/security/XSA-2005-1" }, { "name": "DSA-863", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-863" }, { "name": "20051008 xine/gxine CD Player Remote Format String Bug", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html" }, { "name": "SUSE-SR:2005:024", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "name": "17111", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17111" }, { "name": "GLSA-200510-08", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml" }, { "name": "USN-196-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-196-1" }, { "name": "17179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17179" }, { "name": "17162", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17162" }, { "name": "17099", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/17099/" }, { "name": "xinelib-inputcdda-format-string(22545)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2005-2967", "datePublished": "2005-10-14T04:00:00", "dateReserved": "2005-09-19T00:00:00", "dateUpdated": "2024-08-07T22:53:29.731Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5234 (GCVE-0-2008-5234)
Vulnerability from cvelistv5
Published: 2008-11-26 01:00
Modified: 2024-08-07 10:49
CWE
- n/a
Summary
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30797" }, { "name": "1020703", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1020703" }, { "name": "xinelib-parsemoovatom-bo(44633)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44633" }, { "name": "33544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33544" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "31502", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31502" }, { "name": "xinelib-id3v23interpframe-bo(44647)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44647" }, { "name": "ADV-2008-2382", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2008/2382" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2009-0542", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30797" }, { "name": "1020703", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1020703" }, { "name": "xinelib-parsemoovatom-bo(44633)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44633" }, { "name": "33544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33544" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "31502", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31502" }, { "name": "xinelib-id3v23interpframe-bo(44647)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44647" }, { "name": "ADV-2008-2382", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ 
"mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2009-0542", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5234", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30797" }, { "name": "1020703", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020703" }, { "name": "xinelib-parsemoovatom-bo(44633)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44633" }, { "name": "33544", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33544" }, { "name": "http://www.ocert.org/analysis/2008-008/analysis.txt", "refsource": "MISC", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "31502", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31502" }, { "name": "xinelib-id3v23interpframe-bo(44647)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44647" }, { "name": "ADV-2008-2382", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2009-0542", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "name": 
"FEDORA-2008-7512", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=619869", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5234", "datePublished": "2008-11-26T01:00:00", "dateReserved": "2008-11-25T00:00:00", "dateUpdated": "2024-08-07T10:49:12.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1476 (GCVE-0-2004-1476)
Vulnerability from cvelistv5
Published: 2005-02-13 05:00
Modified: 2024-08-08 00:53
CWE
- n/a
Summary
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:23.984Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11206", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11206" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xinehq.de/index.php/security/XSA-2004-4" }, { "name": "20040907 XSA-2004-4: multiple string overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0" }, { "name": "GLSA-200409-30", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" }, { "name": "xine-videocd-disk-bo(17431)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11206", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11206" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xinehq.de/index.php/security/XSA-2004-4" }, { "name": "20040907 XSA-2004-4: multiple string overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0" }, { "name": "GLSA-200409-30", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" }, { "name": "xine-videocd-disk-bo(17431)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1476", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11206", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11206" }, { "name": "http://xinehq.de/index.php/security/XSA-2004-4", "refsource": "CONFIRM", "url": "http://xinehq.de/index.php/security/XSA-2004-4" }, { "name": "20040907 XSA-2004-4: multiple string overflows", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0" }, { "name": "GLSA-200409-30", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" }, { "name": "xine-videocd-disk-bo(17431)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1476", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2005-02-13T00:00:00", "dateUpdated": "2024-08-08T00:53:23.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5233 (GCVE-0-2008-5233)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:11.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30797" }, { "name": "1020703", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1020703" }, { "name": "47747", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/47747" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "xinelib-mymngprocessheader-bo(44648)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44648" }, { "name": "xinelib-openmodfile-bo(44649)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44649" }, { "name": "xinelib-realparseaudiospecificdata-bo(44639)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44639" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ 
"mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30797" }, { "name": "1020703", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1020703" }, { "name": "47747", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/47747" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "xinelib-mymngprocessheader-bo(44648)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44648" }, { "name": "xinelib-openmodfile-bo(44649)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44649" }, { "name": "xinelib-realparseaudiospecificdata-bo(44639)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44639" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": 
"MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5233", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30797" }, { "name": "1020703", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020703" }, { "name": "47747", "refsource": "OSVDB", "url": "http://www.osvdb.org/47747" }, { "name": "http://www.ocert.org/analysis/2008-008/analysis.txt", "refsource": "MISC", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "xinelib-mymngprocessheader-bo(44648)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44648" }, { "name": "xinelib-openmodfile-bo(44649)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44649" }, { "name": "xinelib-realparseaudiospecificdata-bo(44639)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44639" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2008-7512", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=619869", "refsource": 
"CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5233", "datePublished": "2008-11-26T01:00:00", "dateReserved": "2008-11-25T00:00:00", "dateUpdated": "2024-08-07T10:49:11.431Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1195 (GCVE-0-2005-1195)
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-07 21:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:44:05.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mplayer-mmst-stream-bo(20175)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20175" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55\u0026r2=1.56\u0026diff_format=u" }, { "name": "13271", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13271" }, { "name": "GLSA-200504-19", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln11" }, { "name": "1013771", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013771" }, { "name": "15712", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/15712" }, { "name": "15014", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15014" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln10" }, { "name": "20050421 xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/lists/bugtraq/2005/Apr/0337.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18\u0026r2=1.19\u0026diff_format=u" }, { "name": "20050421 [PLSN-0003] - Remote exploits in MPlayer", "tags": [ "mailing-list", 
"x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/396703" }, { "name": "15711", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/15711" }, { "name": "mplayer-rtsp-stream-bo(20171)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20171" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mplayer-mmst-stream-bo(20175)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20175" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55\u0026r2=1.56\u0026diff_format=u" }, { "name": "13271", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13271" }, { "name": "GLSA-200504-19", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln11" }, { "name": "1013771", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013771" }, { "name": 
"15712", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/15712" }, { "name": "15014", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15014" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln10" }, { "name": "20050421 xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/lists/bugtraq/2005/Apr/0337.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18\u0026r2=1.19\u0026diff_format=u" }, { "name": "20050421 [PLSN-0003] - Remote exploits in MPlayer", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/396703" }, { "name": "15711", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/15711" }, { "name": "mplayer-rtsp-stream-bo(20171)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20171" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mplayer-mmst-stream-bo(20175)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20175" }, { "name": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55\u0026r2=1.56\u0026diff_format=u", "refsource": "CONFIRM", "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55\u0026r2=1.56\u0026diff_format=u" }, { "name": "13271", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13271" }, { "name": "GLSA-200504-19", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml" }, { "name": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln11", "refsource": "CONFIRM", "url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln11" }, { "name": "1013771", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013771" }, { "name": "15712", "refsource": "OSVDB", "url": "http://www.osvdb.org/15712" }, { "name": "15014", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15014" }, { "name": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln10", "refsource": "CONFIRM", "url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln10" }, { "name": "20050421 xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients", "refsource": "BUGTRAQ", "url": "http://seclists.org/lists/bugtraq/2005/Apr/0337.html" }, { "name": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18\u0026r2=1.19\u0026diff_format=u", "refsource": "CONFIRM", "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18\u0026r2=1.19\u0026diff_format=u" }, { "name": "20050421 [PLSN-0003] - Remote exploits in MPlayer", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/396703" }, { "name": "15711", 
"refsource": "OSVDB", "url": "http://www.osvdb.org/15711" }, { "name": "mplayer-rtsp-stream-bo(20171)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20171" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1195", "datePublished": "2005-04-21T04:00:00", "dateReserved": "2005-04-21T00:00:00", "dateUpdated": "2024-08-07T21:44:05.294Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0225 (GCVE-0-2008-0225)
Vulnerability from cvelistv5
Published
2008-01-10 23:00
Modified
2024-08-07 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:39:34.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.altervista.org/adv/xinermffhof-adv.txt" }, { "name": "SUSE-SR:2008:002", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html" }, { "name": "ADV-2008-0163", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0163" }, { "name": "MDVSA-2008:045", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "name": "28955", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28955" }, { "name": "GLSA-200801-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200801-12.xml" }, { "name": "28489", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28489" }, { "name": "28507", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28507" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31393" }, { "name": "DSA-1472", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1472" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=205197" }, { "name": "FEDORA-2008-0718", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428620" }, { "name": "28384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28384" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=567872" }, { "name": "28636", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28636" }, { "name": "27198", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27198" }, { "name": "28674", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28674" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "MDVSA-2008:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-01-19T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.altervista.org/adv/xinermffhof-adv.txt" }, { "name": "SUSE-SR:2008:002", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html" }, { "name": "ADV-2008-0163", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0163" }, { "name": "MDVSA-2008:045", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "name": "28955", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28955" }, { "name": "GLSA-200801-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200801-12.xml" }, { "name": "28489", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28489" }, { "name": "28507", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28507" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31393" }, { "name": "DSA-1472", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1472" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=205197" }, { "name": "FEDORA-2008-0718", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428620" }, { "name": "28384", 
"tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28384" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=567872" }, { "name": "28636", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28636" }, { "name": "27198", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27198" }, { "name": "28674", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28674" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "MDVSA-2008:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0225", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://aluigi.altervista.org/adv/xinermffhof-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/xinermffhof-adv.txt" }, { "name": "SUSE-SR:2008:002", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html" }, { "name": "ADV-2008-0163", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0163" }, { "name": "MDVSA-2008:045", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "name": "28955", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28955" }, { "name": "GLSA-200801-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200801-12.xml" }, { "name": "28489", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28489" }, { "name": "28507", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28507" }, { "name": "31393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31393" }, { "name": "DSA-1472", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1472" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=205197", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=205197" }, { "name": "FEDORA-2008-0718", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=428620", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428620" }, { "name": "28384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28384" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=567872", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=567872" }, { "name": "28636", "refsource": 
"SECUNIA", "url": "http://secunia.com/advisories/28636" }, { "name": "27198", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27198" }, { "name": "28674", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28674" }, { "name": "USN-635-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "MDVSA-2008:020", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0225", "datePublished": "2008-01-10T23:00:00", "dateReserved": "2008-01-10T00:00:00", "dateUpdated": "2024-08-07T07:39:34.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5243 (GCVE-0-2008-5243)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:11.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30797" }, { "name": "33544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33544" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2009-0542", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "name": "xinelib-realparseheader-dos(44658)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44658" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to \"reindex into an allocated buffer,\" which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30797" }, { "name": "33544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33544" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2009-0542", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "name": "xinelib-realparseheader-dos(44658)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44658" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5243", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to \"reindex into an allocated buffer,\" which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30797" }, { "name": "33544", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33544" }, { "name": "http://www.ocert.org/analysis/2008-008/analysis.txt", "refsource": "MISC", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2009-0542", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "name": "FEDORA-2008-7512", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" }, { "name": "xinelib-realparseheader-dos(44658)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44658" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5243", "datePublished": "2008-11-26T01:00:00", "dateReserved": "2008-11-25T00:00:00", "dateUpdated": "2024-08-07T10:49:11.871Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1475 (GCVE-0-2004-1475)
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:23.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11206", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11206" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xinehq.de/index.php/security/XSA-2004-4" }, { "name": "20040907 XSA-2004-4: multiple string overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0" }, { "name": "xine-subtitle-bo(17432)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432" }, { "name": "GLSA-200408-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200408-18.xml" }, { "name": "xine-videocd-mrl-bo(17430)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430" }, { "name": "GLSA-200409-30", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11206", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11206" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xinehq.de/index.php/security/XSA-2004-4" }, { "name": "20040907 XSA-2004-4: multiple string overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0" }, { "name": "xine-subtitle-bo(17432)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432" }, { "name": "GLSA-200408-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200408-18.xml" }, { "name": "xine-videocd-mrl-bo(17430)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430" }, { "name": "GLSA-200409-30", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1475", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11206", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11206" }, { "name": "http://xinehq.de/index.php/security/XSA-2004-4", "refsource": "CONFIRM", "url": "http://xinehq.de/index.php/security/XSA-2004-4" }, { "name": "20040907 XSA-2004-4: multiple string overflows", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0" }, { "name": "xine-subtitle-bo(17432)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432" }, { "name": "GLSA-200408-18", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200408-18.xml" }, { "name": "xine-videocd-mrl-bo(17430)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430" }, { "name": "GLSA-200409-30", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1475", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2005-02-13T00:00:00", "dateUpdated": "2024-08-08T00:53:23.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1455 (GCVE-0-2004-1455)
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:23.983Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "12194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12194/" }, { "name": "20040817 Open Security Group Advisory #6", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109284737628045\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://open-security.org/advisories/6" }, { "name": "10890", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10890" }, { "name": "xine-vcd-identifier-bo(16930)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16930" }, { "name": "GLSA-200408-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-18.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "12194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12194/" }, { "name": "20040817 Open Security Group Advisory #6", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109284737628045\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://open-security.org/advisories/6" }, { "name": "10890", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10890" }, { "name": "xine-vcd-identifier-bo(16930)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16930" }, { "name": "GLSA-200408-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-18.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1455", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "12194", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12194/" }, { "name": "20040817 Open Security Group Advisory #6", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109284737628045\u0026w=2" }, { "name": "http://open-security.org/advisories/6", "refsource": "MISC", "url": "http://open-security.org/advisories/6" }, { "name": "10890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10890" }, { "name": "xine-vcd-identifier-bo(16930)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16930" }, { "name": "GLSA-200408-18", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-18.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1455", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2005-02-13T00:00:00", "dateUpdated": "2024-08-08T00:53:23.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5246 (GCVE-0-2008-5246)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.366Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1020703", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1020703" }, { "name": "xinelib-srcdemuxersid3-bo(44468)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44468" }, { "name": "47677", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/47677" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "ADV-2008-2382", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "30698", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30698" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1020703", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1020703" }, { "name": "xinelib-srcdemuxersid3-bo(44468)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44468" }, { "name": "47677", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/47677" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "ADV-2008-2382", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "30698", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30698" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5246", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in 
src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1020703", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020703" }, { "name": "xinelib-srcdemuxersid3-bo(44468)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44468" }, { "name": "47677", "refsource": "OSVDB", "url": "http://osvdb.org/47677" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "ADV-2008-2382", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "name": "MDVSA-2009:020", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "30698", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30698" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=619869", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5246", "datePublished": "2008-11-26T01:00:00", "dateReserved": "2008-11-25T00:00:00", "dateUpdated": "2024-08-07T10:49:12.366Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1274 (GCVE-0-2009-1274)
Vulnerability from cvelistv5
Published
2009-04-08 18:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:04:49.454Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "34593", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34593" }, { "name": "20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/502481/100/0/threaded" }, { "name": "1021989", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1021989" }, { "name": "53288", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/53288" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=673233" }, { "name": "SUSE-SR:2009:011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" }, { "name": "MDVSA-2009:299", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" }, { "name": "FEDORA-2009-3428", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html" }, { "name": "xinelib-demuxqt-bo(49714)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49714" }, { "name": "34384", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34384" }, { "name": "35416", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35416" }, { "name": "MDVSA-2009:298", "tags": [ 
"vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "name": "FEDORA-2009-3433", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html" }, { "name": "34712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34712" }, { "name": "ADV-2009-0937", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0937" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.xine-project.org/show_bug.cgi?id=224" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2009-005.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "34593", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34593" }, { "name": "20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/502481/100/0/threaded" }, { "name": "1021989", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1021989" }, { "name": "53288", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/53288" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=673233" }, { "name": "SUSE-SR:2009:011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" }, { "name": "MDVSA-2009:299", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" }, { "name": "FEDORA-2009-3428", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html" }, { "name": "xinelib-demuxqt-bo(49714)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49714" }, { "name": "34384", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34384" }, { "name": "35416", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35416" }, { "name": "MDVSA-2009:298", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { 
"name": "FEDORA-2009-3433", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html" }, { "name": "34712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34712" }, { "name": "ADV-2009-0937", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0937" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.xine-project.org/show_bug.cgi?id=224" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2009-005.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1274", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "34593", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34593" }, { "name": "20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/502481/100/0/threaded" }, { "name": "1021989", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021989" }, { "name": "53288", "refsource": "OSVDB", "url": "http://osvdb.org/53288" }, { "name": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=673233", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=673233" }, { "name": "SUSE-SR:2009:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" }, { "name": "MDVSA-2009:299", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" }, { "name": "FEDORA-2009-3428", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html" }, { "name": "xinelib-demuxqt-bo(49714)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49714" }, { "name": "34384", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34384" }, { "name": "35416", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35416" }, { "name": "MDVSA-2009:298", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "name": "FEDORA-2009-3433", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html" }, { "name": "34712", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34712" }, { "name": "ADV-2009-0937", "refsource": "VUPEN", "url": 
"http://www.vupen.com/english/advisories/2009/0937" }, { "name": "http://bugs.xine-project.org/show_bug.cgi?id=224", "refsource": "CONFIRM", "url": "http://bugs.xine-project.org/show_bug.cgi?id=224" }, { "name": "http://www.trapkit.de/advisories/TKADV2009-005.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2009-005.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1274", "datePublished": "2009-04-08T18:00:00", "dateReserved": "2009-04-08T00:00:00", "dateUpdated": "2024-08-07T05:04:49.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5244 (GCVE-0-2008-5244)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1020703", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1020703" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-02-20T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1020703", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1020703" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5244", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1020703", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020703" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=619869", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5244", "datePublished": "2008-11-26T01:00:00", "dateReserved": "2008-11-25T00:00:00", "dateUpdated": "2024-08-07T10:49:12.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2802 (GCVE-0-2006-2802)
Vulnerability from cvelistv5
Published
2006-06-03 10:00
Modified
2024-08-07 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:26.061Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-1105", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1105" }, { "name": "25936", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25936" }, { "name": "20369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20369" }, { "name": "20942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20942" }, { "name": "20766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20766" }, { "name": "GLSA-200609-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200609-08.xml" }, { "name": "18187", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18187" }, { "name": "20549", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20549" }, { "name": "xinelib-xinepluginphttp-bo(26972)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26972" }, { "name": "SUSE-SR:2006:014", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html" }, { "name": "USN-295-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/295-1/" }, { "name": "20828", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20828" }, { "name": "1852", "tags": [ "exploit", 
"x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/1852" }, { "name": "MDKSA-2006:108", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:108" }, { "name": "21919", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21919" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-1105", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1105" }, { "name": "25936", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25936" }, { "name": "20369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20369" }, { "name": "20942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20942" }, { "name": "20766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20766" }, { "name": "GLSA-200609-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200609-08.xml" }, { "name": "18187", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": 
"http://www.securityfocus.com/bid/18187" }, { "name": "20549", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20549" }, { "name": "xinelib-xinepluginphttp-bo(26972)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26972" }, { "name": "SUSE-SR:2006:014", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html" }, { "name": "USN-295-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/295-1/" }, { "name": "20828", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20828" }, { "name": "1852", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/1852" }, { "name": "MDKSA-2006:108", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:108" }, { "name": "21919", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21919" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2802", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-1105", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1105" }, { "name": "25936", "refsource": "OSVDB", "url": "http://www.osvdb.org/25936" }, { "name": "20369", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20369" }, { "name": "20942", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20942" }, { "name": "20766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20766" }, { "name": "GLSA-200609-08", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200609-08.xml" }, { "name": "18187", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18187" }, { "name": "20549", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20549" }, { "name": "xinelib-xinepluginphttp-bo(26972)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26972" }, { "name": "SUSE-SR:2006:014", "refsource": "SUSE", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html" }, { "name": "USN-295-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/295-1/" }, { "name": "20828", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20828" }, { "name": "1852", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1852" }, { "name": "MDKSA-2006:108", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:108" }, { "name": "21919", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21919" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2802", "datePublished": "2006-06-03T10:00:00", "dateReserved": "2006-06-02T00:00:00", "dateUpdated": "2024-08-07T18:06:26.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5240 (GCVE-0-2008-5240)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30797" }, { "name": "33544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33544" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "xinelib-demuxmatroska-dos(44653)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44653" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "47742", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/47742" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2009-0542", "tags": [ "vendor-advisory", 
"x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30797" }, { "name": "33544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33544" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "xinelib-demuxmatroska-dos(44653)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44653" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "47742", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/47742" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2009-0542", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, 
{ "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5240", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30797" }, { "name": "33544", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33544" }, { "name": "http://www.ocert.org/analysis/2008-008/analysis.txt", "refsource": "MISC", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "xinelib-demuxmatroska-dos(44653)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44653" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "47742", "refsource": "OSVDB", "url": "http://www.osvdb.org/47742" }, { "name": "MDVSA-2009:020", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2009-0542", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "name": "FEDORA-2008-7512", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5240", "datePublished": "2008-11-26T01:00:00", "dateReserved": "2008-11-25T00:00:00", 
"dateUpdated": "2024-08-07T10:49:12.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-0698 (GCVE-0-2009-0698)
Vulnerability from cvelistv5
Published
2009-02-23 15:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:48:51.312Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-746-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-746-1" }, { "name": "MDVSA-2009:299", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" }, { "name": "xinelib-4xmdemuxer-code-execution(48954)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=660071" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.xine-project.org/show_bug.cgi?id=205" }, { "name": "MDVSA-2009:298", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "name": "SUSE-SR:2009:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2009-004.txt" }, { "name": "20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service 
(crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-746-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-746-1" }, { "name": "MDVSA-2009:299", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" }, { "name": "xinelib-4xmdemuxer-code-execution(48954)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=660071" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.xine-project.org/show_bug.cgi?id=205" }, { "name": "MDVSA-2009:298", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "name": "SUSE-SR:2009:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2009-004.txt" }, { "name": "20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-0698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, 
"data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-746-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-746-1" }, { "name": "MDVSA-2009:299", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" }, { "name": "xinelib-4xmdemuxer-code-execution(48954)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=660071", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=660071" }, { "name": "http://bugs.xine-project.org/show_bug.cgi?id=205", "refsource": "CONFIRM", "url": "http://bugs.xine-project.org/show_bug.cgi?id=205" }, { "name": "MDVSA-2009:298", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" }, { "name": "SUSE-SR:2009:009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "name": "http://www.trapkit.de/advisories/TKADV2009-004.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2009-004.txt" }, { "name": "20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-0698", "datePublished": "2009-02-23T15:00:00", 
"dateReserved": "2009-02-23T00:00:00", "dateUpdated": "2024-08-07T04:48:51.312Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1110 (GCVE-0-2008-1110)
Vulnerability from cvelistv5
Published
2008-02-29 19:00
Modified
2024-08-07 08:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xinehq.de/index.php/security" }, { "name": "xinelib-demuxasf-bo(41019)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41019" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31393" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xinehq.de/index.php/news" }, { "name": "GLSA-200802-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200802-12.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=208100" }, { "name": "MDVSA-2008:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "name": "29141", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29141" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset%3Bnode=fb6d089b520dca199ef16a046da28c50c984c2d2%3Bstyle=gitweb" }, { "name": "1641", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/1641" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-635-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", 
"versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xinehq.de/index.php/security" }, { "name": "xinelib-demuxasf-bo(41019)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41019" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31393" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xinehq.de/index.php/news" }, { "name": "GLSA-200802-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200802-12.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=208100" }, { "name": "MDVSA-2008:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "name": "29141", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29141" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset%3Bnode=fb6d089b520dca199ef16a046da28c50c984c2d2%3Bstyle=gitweb" }, { "name": "1641", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/1641" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-635-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1110", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://xinehq.de/index.php/security", "refsource": "CONFIRM", "url": "http://xinehq.de/index.php/security" }, { "name": "xinelib-demuxasf-bo(41019)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41019" }, { "name": "31393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31393" }, { "name": "http://xinehq.de/index.php/news", "refsource": "CONFIRM", "url": "http://xinehq.de/index.php/news" }, { "name": "GLSA-200802-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200802-12.xml" }, { "name": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=208100", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=208100" }, { "name": "MDVSA-2008:178", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "name": "29141", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29141" }, { "name": "http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=fb6d089b520dca199ef16a046da28c50c984c2d2;style=gitweb", "refsource": "CONFIRM", "url": "http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=fb6d089b520dca199ef16a046da28c50c984c2d2;style=gitweb" }, { "name": "1641", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1641" }, { "name": "USN-635-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-635-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1110", "datePublished": "2008-02-29T19:00:00", "dateReserved": "2008-02-29T00:00:00", "dateUpdated": 
"2024-08-07T08:08:57.707Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5242 (GCVE-0-2008-5242)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.306Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30797" }, { "name": "xinelib-demuxqtc-stsdatom-dos(44657)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44657" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and 
earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30797" }, { "name": "xinelib-demuxqtc-stsdatom-dos(44657)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44657" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5242", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30797" }, { "name": "xinelib-demuxqtc-stsdatom-dos(44657)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44657" }, { "name": "http://www.ocert.org/analysis/2008-008/analysis.txt", "refsource": "MISC", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "FEDORA-2008-7512", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5242", "datePublished": "2008-11-26T01:00:00", "dateReserved": "2008-11-25T00:00:00", "dateUpdated": "2024-08-07T10:49:12.306Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1300 (GCVE-0-2004-1300)
Vulnerability from cvelistv5
Published
2004-12-22 05:00
Modified
2024-08-08 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:46:12.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "xine-openaifffile-bo(18611)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18611" }, { "name": "MDKSA-2005:011", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "xine-openaifffile-bo(18611)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18611" }, { "name": "MDKSA-2005:011", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "tags": [ "x_refsource_MISC" ], "url": "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1300", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "xine-openaifffile-bo(18611)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18611" }, { "name": "MDKSA-2005:011", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "name": "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt", "refsource": "MISC", "url": "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1300", "datePublished": "2004-12-22T05:00:00", "dateReserved": "2004-12-20T00:00:00", "dateUpdated": "2024-08-08T00:46:12.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5245 (GCVE-0-2008-5245)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:11.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1020703", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1020703" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "31502", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31502" }, { "name": "ADV-2008-2382", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "30698", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30698" }, { "name": "xinelib-openvideocapturedevice-bo(44470)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44470" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1020703", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1020703" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "31502", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31502" }, { "name": "ADV-2008-2382", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "30698", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30698" }, { "name": "xinelib-openvideocapturedevice-bo(44470)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44470" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5245", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the 
open_video_capture_device function in src/input/input_v4l.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1020703", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020703" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "31502", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31502" }, { "name": "ADV-2008-2382", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2382" }, { "name": "MDVSA-2009:020", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "30698", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30698" }, { "name": "xinelib-openvideocapturedevice-bo(44470)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44470" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=619869", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5245", "datePublished": "2008-11-26T01:00:00", "dateReserved": "2008-11-25T00:00:00", "dateUpdated": "2024-08-07T10:49:11.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5239 (GCVE-0-2008-5239)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30797" }, { "name": "33544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33544" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "xinelib-multiple-inputplugin-bo(44651)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44651" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2009-0542", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30797" }, { "name": "33544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33544" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "xinelib-multiple-inputplugin-bo(44651)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44651" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2009-0542", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5239", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as 
out-of-bounds reads and heap-based buffer overflows." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30797" }, { "name": "33544", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33544" }, { "name": "http://www.ocert.org/analysis/2008-008/analysis.txt", "refsource": "MISC", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "xinelib-multiple-inputplugin-bo(44651)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44651" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "FEDORA-2009-0542", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" }, { "name": "FEDORA-2008-7512", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5239", "datePublished": "2008-11-26T01:00:00", "dateReserved": "2008-11-25T00:00:00", "dateUpdated": 
"2024-08-07T10:49:12.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0073 (GCVE-0-2008-0073)
Vulnerability from cvelistv5
Published
2008-03-24 22:00
Modified
2024-08-07 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:32:23.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2008-10/" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "GLSA-200808-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "name": "SSA:2008-089-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408" }, { "name": "28312", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28312" }, { "name": "xinelib-sdpplinparse-bo(41339)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "FEDORA-2008-2945", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "name": "SUSE-SR:2008:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "name": "29392", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29392" }, { "name": "FEDORA-2008-2569", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html" }, { "tags": [ "x_refsource_CONFIRM", 
"x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655" }, { "name": "28694", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28694" }, { "name": "29740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29740" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31393" }, { "name": "SUSE-SR:2008:007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xinehq.de/index.php/news" }, { "name": "29601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29601" }, { "name": "MDVSA-2008:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "ADV-2008-0923", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0923" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29800" }, { "name": "MDVSA-2008:219", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/29766" }, { "name": "1019682", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019682" }, { "name": "29503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29503" }, { "name": "29472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29472" }, { "name": "DSA-1536", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1536" }, { "name": "29578", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29578" }, { "name": "ADV-2008-0985", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "name": "31372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31372" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30581" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2008-10/" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "GLSA-200808-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "name": "SSA:2008-089-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408" }, { "name": "28312", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28312" }, { "name": "xinelib-sdpplinparse-bo(41339)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "FEDORA-2008-2945", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "name": "SUSE-SR:2008:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "name": "29392", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29392" }, { "name": "FEDORA-2008-2569", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655" }, { "name": "28694", "tags": 
[ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28694" }, { "name": "29740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29740" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31393" }, { "name": "SUSE-SR:2008:007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xinehq.de/index.php/news" }, { "name": "29601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29601" }, { "name": "MDVSA-2008:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "ADV-2008-0923", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0923" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29800" }, { "name": "MDVSA-2008:219", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29766" }, { "name": "1019682", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019682" }, { "name": "29503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29503" }, { "name": "29472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], 
"url": "http://secunia.com/advisories/29472" }, { "name": "DSA-1536", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1536" }, { "name": "29578", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29578" }, { "name": "ADV-2008-0985", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "name": "31372", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31372" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30581" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2008-0073", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://secunia.com/secunia_research/2008-10/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2008-10/" }, { "name": "DSA-1543", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "GLSA-200808-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" }, { "name": "SSA:2008-089-03", "refsource": "SLACKWARE", "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408" }, { "name": "28312", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28312" }, { "name": "xinelib-sdpplinparse-bo(41339)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339" }, { "name": "http://www.videolan.org/security/sa0803.php", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "FEDORA-2008-2945", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" }, { "name": "SUSE-SR:2008:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" }, { "name": "29392", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29392" }, { "name": "FEDORA-2008-2569", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655" }, { "name": "28694", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28694" }, { "name": "29740", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29740" }, { "name": "GLSA-200804-25", "refsource": 
"GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "31393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31393" }, { "name": "SUSE-SR:2008:007", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html" }, { "name": "http://xinehq.de/index.php/news", "refsource": "CONFIRM", "url": "http://xinehq.de/index.php/news" }, { "name": "29601", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29601" }, { "name": "MDVSA-2008:178", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" }, { "name": "http://wiki.videolan.org/Changelog/0.8.6f", "refsource": "CONFIRM", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "ADV-2008-0923", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0923" }, { "name": "29800", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29800" }, { "name": "MDVSA-2008:219", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219" }, { "name": "29766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29766" }, { "name": "1019682", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019682" }, { "name": "29503", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29503" }, { "name": "29472", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29472" }, { "name": "DSA-1536", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1536" }, { "name": "29578", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29578" }, { "name": "ADV-2008-0985", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "name": "31372", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31372" }, { "name": "USN-635-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "30581", "refsource": 
"SECUNIA", "url": "http://secunia.com/advisories/30581" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2008-0073", "datePublished": "2008-03-24T22:00:00", "dateReserved": "2008-01-03T00:00:00", "dateUpdated": "2024-08-07T07:32:23.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5241 (GCVE-0-2008-5241)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:11.849Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30797" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "xinelib-demuxqtc-cmovatom-dos(44656)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44656" }, { "name": "FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": 
"affected", "version": "n/a" } ] } ], "datePublic": "2008-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30797", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30797" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "xinelib-demuxqtc-cmovatom-dos(44656)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44656" }, { "name": 
"FEDORA-2008-7512", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5241", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30797" }, { "name": "http://www.ocert.org/analysis/2008-008/analysis.txt", "refsource": "MISC", "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" }, { "name": "4648", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4648" }, { "name": "31827", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31827" }, { "name": "FEDORA-2008-7572", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" }, { "name": "MDVSA-2009:020", "refsource": "MANDRIVA", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" }, { "name": "xinelib-demuxqtc-cmovatom-dos(44656)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44656" }, { "name": "FEDORA-2008-7512", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5241", "datePublished": "2008-11-26T01:00:00", "dateReserved": "2008-11-25T00:00:00", "dateUpdated": "2024-08-07T10:49:11.849Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1187 (GCVE-0-2004-1187)
Vulnerability from cvelistv5
Published
2004-12-22 05:00
Modified
2024-08-08 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:46:11.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "xine-pnatag-bo(18640)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18640" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff" }, { "name": "20041221 Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=176\u0026type=vulnerabilities" }, { "name": "MDKSA-2005:011", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-12-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "xine-pnatag-bo(18640)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18640" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff" }, { "name": "20041221 Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=176\u0026type=vulnerabilities" }, { "name": "MDKSA-2005:011", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1187", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "xine-pnatag-bo(18640)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18640" }, { "name": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff", "refsource": "CONFIRM", "url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff" }, { "name": "20041221 Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=176\u0026type=vulnerabilities" }, { "name": "MDKSA-2005:011", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "name": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21", "refsource": "CONFIRM", "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1187", "datePublished": "2004-12-22T05:00:00", "dateReserved": "2004-12-13T00:00:00", "dateUpdated": "2024-08-08T00:46:11.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1664 (GCVE-0-2006-1664)
Vulnerability from cvelistv5
Published
2006-04-07 10:00
Modified
2024-08-07 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:19:49.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19856", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19856" }, { "name": "28666", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28666" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl" }, { "name": "xinelib-mpeg-bo(25670)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670" }, { "name": "FEDORA-2008-1047", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html" }, { "name": "FEDORA-2008-1043", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html" }, { "name": "19853", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19853" }, { "name": "17370", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17370" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838" }, { "name": "1015868", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015868" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608" }, { "name": "1641", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/1641" }, { "name": "GLSA-200604-16", 
"tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19856", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19856" }, { "name": "28666", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28666" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl" }, { "name": "xinelib-mpeg-bo(25670)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670" }, { "name": "FEDORA-2008-1047", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html" }, { "name": "FEDORA-2008-1043", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html" }, { "name": "19853", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19853" }, { "name": "17370", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17370" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://bugs.gentoo.org/show_bug.cgi?id=128838" }, { "name": "1015868", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015868" }, { "tags": [ "x_refsource_MISC" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608" }, { "name": "1641", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/1641" }, { "name": "GLSA-200604-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1664", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19856", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19856" }, { "name": "28666", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28666" }, { "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl", "refsource": "MISC", "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl" }, { "name": "xinelib-mpeg-bo(25670)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670" }, { "name": "FEDORA-2008-1047", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html" }, { "name": "FEDORA-2008-1043", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html" }, { "name": "19853", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19853" }, { "name": "17370", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17370" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=128838", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838" }, { "name": "1015868", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015868" }, { "name": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608", "refsource": "MISC", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608" }, { "name": "1641", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1641" }, { "name": "GLSA-200604-16", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1664", "datePublished": "2006-04-07T10:00:00", "dateReserved": 
"2006-04-07T00:00:00", "dateUpdated": "2024-08-07T17:19:49.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0486 (GCVE-0-2008-0486)
Vulnerability from cvelistv5
Published
2008-02-05 11:00
Modified
2024-08-07 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:46:55.046Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3608", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3608" }, { "name": "28989", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28989" }, { "name": "ADV-2008-0406", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0406/references" }, { "name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html" }, { "name": "28918", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28918" }, { "name": "ADV-2008-0421", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0421" }, { "name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/487501/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mplayerhq.hu/design7/news.html" }, { "name": "MDVSA-2008:046", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046" }, { "name": "MDVSA-2008:045", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "name": "28955", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28955" 
}, { "name": "28779", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28779" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2103" }, { "name": "29307", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29307" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31393" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431541" }, { "name": "GLSA-200802-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200802-12.xml" }, { "name": "29601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29601" }, { "name": "DSA-1496", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1496" }, { "name": "SUSE-SR:2008:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html" }, { "name": "29141", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29141" }, { "name": "GLSA-200803-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200803-16.xml" }, { "name": "FEDORA-2008-1581", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html" }, { "name": "29323", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29323" }, { "name": "FEDORA-2008-1543", "tags": [ 
"vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html" }, { "name": "28956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28956" }, { "name": "DSA-1536", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1536" }, { "name": "27441", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27441" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=574735" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=209106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.xine-project.org/show_bug.cgi?id=38" }, { "name": "28801", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28801" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-635-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3608", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3608" }, { "name": "28989", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28989" }, { "name": "ADV-2008-0406", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0406/references" }, { "name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html" }, { "name": "28918", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28918" }, { "name": "ADV-2008-0421", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0421" }, { "name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/487501/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mplayerhq.hu/design7/news.html" }, { "name": "MDVSA-2008:046", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046" }, { "name": "MDVSA-2008:045", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "name": "28955", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28955" }, { "name": "28779", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/28779" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2103" }, { "name": "29307", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29307" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31393" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431541" }, { "name": "GLSA-200802-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200802-12.xml" }, { "name": "29601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29601" }, { "name": "DSA-1496", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1496" }, { "name": "SUSE-SR:2008:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html" }, { "name": "29141", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29141" }, { "name": "GLSA-200803-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200803-16.xml" }, { "name": "FEDORA-2008-1581", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html" }, { "name": "29323", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29323" }, { "name": "FEDORA-2008-1543", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html" }, { "name": "28956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28956" }, { "name": "DSA-1536", "tags": [ "vendor-advisory", 
"x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1536" }, { "name": "27441", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27441" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=574735" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=209106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.xine-project.org/show_bug.cgi?id=38" }, { "name": "28801", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28801" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-635-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0486", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3608", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3608" }, { "name": "28989", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28989" }, { "name": "ADV-2008-0406", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0406/references" }, { "name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html" }, { "name": "28918", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28918" }, { "name": "ADV-2008-0421", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0421" }, { "name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487501/100/0/threaded" }, { "name": "http://www.mplayerhq.hu/design7/news.html", "refsource": "CONFIRM", "url": "http://www.mplayerhq.hu/design7/news.html" }, { "name": "MDVSA-2008:046", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046" }, { "name": "MDVSA-2008:045", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "name": "28955", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28955" }, { "name": "28779", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28779" }, { "name": "http://www.coresecurity.com/?action=item\u0026id=2103", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item\u0026id=2103" }, { "name": "29307", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29307" }, { "name": "31393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31393" }, { "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=431541", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431541" }, { "name": "GLSA-200802-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200802-12.xml" }, { "name": "29601", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29601" }, { "name": "DSA-1496", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1496" }, { "name": "SUSE-SR:2008:006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html" }, { "name": "29141", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29141" }, { "name": "GLSA-200803-16", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200803-16.xml" }, { "name": "FEDORA-2008-1581", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html" }, { "name": "29323", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29323" }, { "name": "FEDORA-2008-1543", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html" }, { "name": "28956", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28956" }, { "name": "DSA-1536", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1536" }, { "name": "27441", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27441" }, { "name": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=574735", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=574735" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=209106", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=209106" }, { "name": "http://bugs.xine-project.org/show_bug.cgi?id=38", "refsource": "CONFIRM", "url": "http://bugs.xine-project.org/show_bug.cgi?id=38" }, { "name": "28801", "refsource": 
"SECUNIA", "url": "http://secunia.com/advisories/28801" }, { "name": "USN-635-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-635-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0486", "datePublished": "2008-02-05T11:00:00", "dateReserved": "2008-01-29T00:00:00", "dateUpdated": "2024-08-07T07:46:55.046Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0238 (GCVE-0-2008-0238)
Vulnerability from cvelistv5
Published
2008-01-11 21:00
Modified
2024-08-07 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:39:35.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2008:045", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "name": "28955", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28955" }, { "name": "GLSA-200801-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200801-12.xml" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31393" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=205197" }, { "name": "28384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28384" }, { "name": "28674", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28674" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "MDVSA-2008:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to 
the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-02-01T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDVSA-2008:045", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "name": "28955", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28955" }, { "name": "GLSA-200801-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200801-12.xml" }, { "name": "31393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31393" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=205197" }, { "name": "28384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28384" }, { "name": "28674", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28674" }, { "name": "USN-635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "MDVSA-2008:020", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0238", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": 
"4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2008:045", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045" }, { "name": "28955", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28955" }, { "name": "GLSA-200801-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200801-12.xml" }, { "name": "31393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31393" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=205197", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=205197" }, { "name": "28384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28384" }, { "name": "28674", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28674" }, { "name": "USN-635-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-635-1" }, { "name": "MDVSA-2008:020", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0238", "datePublished": "2008-01-11T21:00:00", "dateReserved": "2008-01-11T00:00:00", "dateUpdated": "2024-08-07T07:39:35.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1188 (GCVE-0-2004-1188)
Vulnerability from cvelistv5
Published
2004-12-22 05:00
Modified
2024-08-08 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:46:12.403Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff" }, { "name": "MDKSA-2005:011", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "name": "20041221 Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=177\u0026type=vulnerabilities" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21" }, { "name": "xine-pnmgetchunk-bo(18638)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18638" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-12-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff" }, { "name": "MDKSA-2005:011", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "name": "20041221 Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=177\u0026type=vulnerabilities" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21" }, { "name": "xine-pnmgetchunk-bo(18638)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18638" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1188", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff", "refsource": "CONFIRM", "url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff" }, { "name": "MDKSA-2005:011", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011" }, { "name": "20041221 Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=177\u0026type=vulnerabilities" }, { "name": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21", "refsource": "CONFIRM", "url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21" }, { "name": "xine-pnmgetchunk-bo(18638)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18638" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1188", "datePublished": "2004-12-22T05:00:00", "dateReserved": "2004-12-13T00:00:00", "dateUpdated": "2024-08-08T00:46:12.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }