Vulnerabilities > Xine > Xine LIB

DATE CVE VULNERABILITY TITLE RISK
2008-01-11 CVE-2008-0238 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib
Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225.
network
low complexity
xine CWE-119
7.5
2008-01-10 CVE-2008-0225 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field.
network
low complexity
xine CWE-119
6.4
2006-09-14 CVE-2006-4799 Unspecified vulnerability in Xine Xine-Lib 1.0.1/1.0.2/1.1.0
Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
network
low complexity
xine
7.5
2006-06-28 CVE-2006-2200 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.
network
high complexity
mimms xine CWE-119
5.1
2006-06-03 CVE-2006-2802 Buffer Overflow vulnerability in Xine-Lib HTTP Response
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
network
low complexity
xine
5.0
2006-04-07 CVE-2006-1664 Buffer Overflow vulnerability in Xine-Lib Malformed MPEG Stream
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
network
low complexity
xine
7.5
2005-10-14 CVE-2005-2967 Remote CDDB Information Format String vulnerability in Xine-Lib
Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.
network
low complexity
xine
7.5
2005-05-02 CVE-2005-1195 Remote Buffer Overflow vulnerability in MPlayer MMST Stream ID
Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.
network
low complexity
mplayer xine
7.5
2005-01-10 CVE-2004-1300 Unspecified vulnerability in Xine Xine-Lib 1Rc7
Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.
network
low complexity
xine
critical
10.0
2005-01-10 CVE-2004-1188 The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
network
low complexity
mplayer xine mandrakesoft
critical
10.0