Vulnerabilities > Xine > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-03-24 | CVE-2008-1482 | Buffer Errors vulnerability in Xine Xine-Lib 1.1.11 | Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c. | 6.8 |
2008-03-24 | CVE-2008-0073 | Numeric Errors vulnerability in Xine Xine-Lib 1.1.10.1 | Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. | 6.8 |
2008-01-10 | CVE-2008-0225 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib | Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. | 6.4 |
2006-06-28 | CVE-2006-2200 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products | Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. | 5.1 |
2006-06-03 | CVE-2006-2802 | Buffer Overflow vulnerability in Xine-Lib HTTP Response | Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. | 5.0 |
2006-05-05 | CVE-2006-2230 | Remote Format String vulnerability in Xine 0.99.4 | Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. | 5.0 |
2004-12-31 | CVE-2004-1951 | Remote File Overwrite vulnerability in Xine Xine, Xine-Lib and Xine-Ui | xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. | 5.0 |
2004-12-31 | CVE-2004-1476 | Stack Overflow vulnerability in Xine-lib VideoCD And Text Subtitle | Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. | 5.1 |
2004-12-31 | CVE-2004-1475 | Stack Overflow vulnerability in Xine-lib VideoCD And Text Subtitle | Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. | 5.1 |
2004-12-31 | CVE-2004-1455 | Remote Buffer Overflow vulnerability in Xine-Lib | Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL. | 5.1 |