Vulnerabilities > Xine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-01-10 | CVE-2004-1187 | Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188. | 10.0 |
| 2004-12-31 | CVE-2004-1951 | Remote File Overwrite vulnerability in Xine Xine, Xine-Lib and Xine-Ui xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. | 5.0 |
| 2004-12-31 | CVE-2004-1476 | Stack Overflow vulnerability in Xine-lib VideoCD And Text Subtitle Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. | 5.1 |
| 2004-12-31 | CVE-2004-1475 | Stack Overflow vulnerability in Xine-lib VideoCD And Text Subtitle Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. | 5.1 |
| 2004-12-31 | CVE-2004-1455 | Remote Buffer Overflow vulnerability in Xine-Lib Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL. | 5.1 |
| 2004-09-16 | CVE-2004-1379 | Heap Overflow vulnerability in Xine-lib DVD Subpicture Decoder Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field. | 7.5 |
| 2004-08-18 | CVE-2004-0433 | Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets. | 10.0 |
| 2004-04-15 | CVE-2004-0372 | Unspecified vulnerability in Xine xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts. | 2.1 |