Vulnerabilities > Xine > Xine LIB > 1.1.11.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-11-26 | CVE-2008-5239 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows. | 4.3 |
| 2008-11-26 | CVE-2008-5234 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. | 9.3 |
| 2008-11-26 | CVE-2008-5233 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. | 4.3 |
| 2008-07-18 | CVE-2008-3231 | Improper Input Validation vulnerability in Xine Xine-Lib xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine. | 4.3 |
| 2008-04-17 | CVE-2008-1878 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title. | 7.5 |