Vulnerabilities > Xine > Xine LIB > 1.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-11-26 | CVE-2008-5234 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. | 9.3 |
2008-11-26 | CVE-2008-5233 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. | 4.3 |
2008-07-18 | CVE-2008-3231 | Improper Input Validation vulnerability in Xine Xine-Lib xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine. | 4.3 |
2008-04-08 | CVE-2008-1686 | Numeric Errors vulnerability in multiple products Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | 9.3 |
2006-09-14 | CVE-2006-4799 | Unspecified vulnerability in Xine Xine-Lib 1.0.1/1.0.2/1.1.0 Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802. | 7.5 |
2006-06-03 | CVE-2006-2802 | Buffer Overflow vulnerability in Xine-Lib HTTP Response Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. | 5.0 |
2006-04-07 | CVE-2006-1664 | Buffer Overflow vulnerability in Xine-Lib Malformed MPEG Stream Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. | 7.5 |
2005-10-14 | CVE-2005-2967 | Remote CDDB Information Format String vulnerability in Xine-Lib Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD. | 7.5 |