Vulnerabilites related to xine - xine-lib
CVE-2006-4799 (GCVE-0-2006-4799)
Vulnerability from cvelistv5
Published
2006-09-14 21:00
Modified
2024-08-07 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.novell.com/linux/security/advisories/2006_73_mono.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/22230 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/23010 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ubuntu.com/usn/usn-358-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://secunia.com/advisories/23213 | third-party-advisory, x_refsource_SECUNIA | |
| http://xinehq.de/index.php/news | x_refsource_CONFIRM | |
| http://www.us.debian.org/security/2006/dsa-1215 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200609-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml"
},
{
"name": "SUSE-SA:2006:073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name": "22230",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22230"
},
{
"name": "23010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23010"
},
{
"name": "USN-358-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-358-1"
},
{
"name": "23213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/news"
},
{
"name": "DSA-1215",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.us.debian.org/security/2006/dsa-1215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and \"bad indexes\", a different vulnerability than CVE-2005-4048 and CVE-2006-2802."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-10-10T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200609-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml"
},
{
"name": "SUSE-SA:2006:073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name": "22230",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22230"
},
{
"name": "23010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23010"
},
{
"name": "USN-358-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-358-1"
},
{
"name": "23213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/news"
},
{
"name": "DSA-1215",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.us.debian.org/security/2006/dsa-1215"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and \"bad indexes\", a different vulnerability than CVE-2005-4048 and CVE-2006-2802."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200609-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml"
},
{
"name": "SUSE-SA:2006:073",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name": "22230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22230"
},
{
"name": "23010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23010"
},
{
"name": "USN-358-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-358-1"
},
{
"name": "23213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23213"
},
{
"name": "http://xinehq.de/index.php/news",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/news"
},
{
"name": "DSA-1215",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1215"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4799",
"datePublished": "2006-09-14T21:00:00",
"dateReserved": "2006-09-14T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5245 (GCVE-0-2008-5245)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1020703 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/31502 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/2382 | vdb-entry, x_refsource_VUPEN | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.securityfocus.com/bid/30698 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44470 | vdb-entry, x_refsource_XF | |
| http://sourceforge.net/project/shownotes.php?release_id=619869 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:11.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "30698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30698"
},
{
"name": "xinelib-openvideocapturedevice-bo(44470)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44470"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "30698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30698"
},
{
"name": "xinelib-openvideocapturedevice-bo(44470)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44470"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "30698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30698"
},
{
"name": "xinelib-openvideocapturedevice-bo(44470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44470"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5245",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:11.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1878 (GCVE-0-2008-1878)
Vulnerability from cvelistv5
Published
2008-04-17 22:00
Modified
2024-08-07 08:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2008-3326",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00536.html"
},
{
"name": "GLSA-200808-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"name": "FEDORA-2008-3353",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00571.html"
},
{
"name": "ADV-2008-1247",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1247/references"
},
{
"name": "DSA-1586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"name": "30021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30021"
},
{
"name": "29850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29850"
},
{
"name": "MDVSA-2008:177",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:177"
},
{
"name": "5458",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5458"
},
{
"name": "SUSE-SR:2008:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"name": "xinelib-demuxnsfsendchunk-bo(41865)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41865"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31393"
},
{
"name": "MDVSA-2008:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"name": "28816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28816"
},
{
"name": "31372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31372"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30337"
},
{
"name": "30581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2008-3326",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00536.html"
},
{
"name": "GLSA-200808-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"name": "FEDORA-2008-3353",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00571.html"
},
{
"name": "ADV-2008-1247",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1247/references"
},
{
"name": "DSA-1586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"name": "30021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30021"
},
{
"name": "29850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29850"
},
{
"name": "MDVSA-2008:177",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:177"
},
{
"name": "5458",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5458"
},
{
"name": "SUSE-SR:2008:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"name": "xinelib-demuxnsfsendchunk-bo(41865)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41865"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31393"
},
{
"name": "MDVSA-2008:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"name": "28816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28816"
},
{
"name": "31372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31372"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30337"
},
{
"name": "30581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2008-3326",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00536.html"
},
{
"name": "GLSA-200808-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"name": "FEDORA-2008-3353",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00571.html"
},
{
"name": "ADV-2008-1247",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1247/references"
},
{
"name": "DSA-1586",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"name": "30021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30021"
},
{
"name": "29850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29850"
},
{
"name": "MDVSA-2008:177",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:177"
},
{
"name": "5458",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5458"
},
{
"name": "SUSE-SR:2008:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"name": "xinelib-demuxnsfsendchunk-bo(41865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41865"
},
{
"name": "31393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31393"
},
{
"name": "MDVSA-2008:178",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"name": "28816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28816"
},
{
"name": "31372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31372"
},
{
"name": "USN-635-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30337"
},
{
"name": "30581",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1878",
"datePublished": "2008-04-17T22:00:00",
"dateReserved": "2008-04-17T00:00:00",
"dateUpdated": "2024-08-07T08:41:00.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5246 (GCVE-0-2008-5246)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1020703 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44468 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/47677 | vdb-entry, x_refsource_OSVDB | |
| http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://www.vupen.com/english/advisories/2008/2382 | vdb-entry, x_refsource_VUPEN | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.securityfocus.com/bid/30698 | vdb-entry, x_refsource_BID | |
| http://sourceforge.net/project/shownotes.php?release_id=619869 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "xinelib-srcdemuxersid3-bo(44468)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44468"
},
{
"name": "47677",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47677"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "30698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30698"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "xinelib-srcdemuxersid3-bo(44468)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44468"
},
{
"name": "47677",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47677"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "30698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30698"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "xinelib-srcdemuxersid3-bo(44468)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44468"
},
{
"name": "47677",
"refsource": "OSVDB",
"url": "http://osvdb.org/47677"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "ADV-2008-2382",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "30698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30698"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5246",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0225 (GCVE-0-2008-0225)
Vulnerability from cvelistv5
Published
2008-01-10 23:00
Modified
2024-08-07 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/xinermffhof-adv.txt"
},
{
"name": "SUSE-SR:2008:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
},
{
"name": "ADV-2008-0163",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0163"
},
{
"name": "MDVSA-2008:045",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"name": "28955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28955"
},
{
"name": "GLSA-200801-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-12.xml"
},
{
"name": "28489",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28489"
},
{
"name": "28507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28507"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31393"
},
{
"name": "DSA-1472",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1472"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=205197"
},
{
"name": "FEDORA-2008-0718",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428620"
},
{
"name": "28384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28384"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=567872"
},
{
"name": "28636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28636"
},
{
"name": "27198",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27198"
},
{
"name": "28674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28674"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "MDVSA-2008:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-01-19T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/xinermffhof-adv.txt"
},
{
"name": "SUSE-SR:2008:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
},
{
"name": "ADV-2008-0163",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0163"
},
{
"name": "MDVSA-2008:045",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"name": "28955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28955"
},
{
"name": "GLSA-200801-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-12.xml"
},
{
"name": "28489",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28489"
},
{
"name": "28507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28507"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31393"
},
{
"name": "DSA-1472",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1472"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=205197"
},
{
"name": "FEDORA-2008-0718",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428620"
},
{
"name": "28384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28384"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=567872"
},
{
"name": "28636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28636"
},
{
"name": "27198",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27198"
},
{
"name": "28674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28674"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "MDVSA-2008:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/xinermffhof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/xinermffhof-adv.txt"
},
{
"name": "SUSE-SR:2008:002",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
},
{
"name": "ADV-2008-0163",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0163"
},
{
"name": "MDVSA-2008:045",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"name": "28955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28955"
},
{
"name": "GLSA-200801-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-12.xml"
},
{
"name": "28489",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28489"
},
{
"name": "28507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28507"
},
{
"name": "31393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31393"
},
{
"name": "DSA-1472",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1472"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=205197",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=205197"
},
{
"name": "FEDORA-2008-0718",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=428620",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428620"
},
{
"name": "28384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28384"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=567872",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=567872"
},
{
"name": "28636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28636"
},
{
"name": "27198",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27198"
},
{
"name": "28674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28674"
},
{
"name": "USN-635-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "MDVSA-2008:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0225",
"datePublished": "2008-01-10T23:00:00",
"dateReserved": "2008-01-10T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0698 (GCVE-0-2009-0698)
Vulnerability from cvelistv5
Published
2009-02-23 15:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-746-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:299 | vendor-advisory, x_refsource_MANDRIVA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48954 | vdb-entry, x_refsource_XF | |
| http://sourceforge.net/project/shownotes.php?release_id=660071 | x_refsource_CONFIRM | |
| http://bugs.xine-project.org/show_bug.cgi?id=205 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:298 | vendor-advisory, x_refsource_MANDRIVA | |
| http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html | vendor-advisory, x_refsource_SUSE | |
| http://www.trapkit.de/advisories/TKADV2009-004.txt | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/500514/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:51.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-746-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-746-1"
},
{
"name": "MDVSA-2009:299",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299"
},
{
"name": "xinelib-4xmdemuxer-code-execution(48954)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=660071"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.xine-project.org/show_bug.cgi?id=205"
},
{
"name": "MDVSA-2009:298",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"name": "SUSE-SR:2009:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2009-004.txt"
},
{
"name": "20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-746-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-746-1"
},
{
"name": "MDVSA-2009:299",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299"
},
{
"name": "xinelib-4xmdemuxer-code-execution(48954)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=660071"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.xine-project.org/show_bug.cgi?id=205"
},
{
"name": "MDVSA-2009:298",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"name": "SUSE-SR:2009:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2009-004.txt"
},
{
"name": "20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-746-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-746-1"
},
{
"name": "MDVSA-2009:299",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299"
},
{
"name": "xinelib-4xmdemuxer-code-execution(48954)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=660071",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=660071"
},
{
"name": "http://bugs.xine-project.org/show_bug.cgi?id=205",
"refsource": "CONFIRM",
"url": "http://bugs.xine-project.org/show_bug.cgi?id=205"
},
{
"name": "MDVSA-2009:298",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"name": "SUSE-SR:2009:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2009-004.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2009-004.txt"
},
{
"name": "20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0698",
"datePublished": "2009-02-23T15:00:00",
"dateReserved": "2009-02-23T00:00:00",
"dateUpdated": "2024-08-07T04:48:51.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5234 (GCVE-0-2008-5234)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "xinelib-parsemoovatom-bo(44633)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44633"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31502"
},
{
"name": "xinelib-id3v23interpframe-bo(44647)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44647"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "xinelib-parsemoovatom-bo(44633)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44633"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31502"
},
{
"name": "xinelib-id3v23interpframe-bo(44647)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44647"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "1020703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "xinelib-parsemoovatom-bo(44633)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44633"
},
{
"name": "33544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33544"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31502"
},
{
"name": "xinelib-id3v23interpframe-bo(44647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44647"
},
{
"name": "ADV-2008-2382",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5234",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1300 (GCVE-0-2004-1300)
Vulnerability from cvelistv5
Published
2004-12-22 05:00
Modified
2024-08-08 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18611 | vdb-entry, x_refsource_XF | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 | vendor-advisory, x_refsource_MANDRAKE | |
| http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xine-openaifffile-bo(18611)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18611"
},
{
"name": "MDKSA-2005:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xine-openaifffile-bo(18611)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18611"
},
{
"name": "MDKSA-2005:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xine-openaifffile-bo(18611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18611"
},
{
"name": "MDKSA-2005:011",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"name": "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt",
"refsource": "MISC",
"url": "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1300",
"datePublished": "2004-12-22T05:00:00",
"dateReserved": "2004-12-20T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2802 (GCVE-0-2006-2802)
Vulnerability from cvelistv5
Published
2006-06-03 10:00
Modified
2024-08-07 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1105",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1105"
},
{
"name": "25936",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25936"
},
{
"name": "20369",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20369"
},
{
"name": "20942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20942"
},
{
"name": "20766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20766"
},
{
"name": "GLSA-200609-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200609-08.xml"
},
{
"name": "18187",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18187"
},
{
"name": "20549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20549"
},
{
"name": "xinelib-xinepluginphttp-bo(26972)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26972"
},
{
"name": "SUSE-SR:2006:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
},
{
"name": "USN-295-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/295-1/"
},
{
"name": "20828",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20828"
},
{
"name": "1852",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1852"
},
{
"name": "MDKSA-2006:108",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:108"
},
{
"name": "21919",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21919"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1105",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1105"
},
{
"name": "25936",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25936"
},
{
"name": "20369",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20369"
},
{
"name": "20942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20942"
},
{
"name": "20766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20766"
},
{
"name": "GLSA-200609-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200609-08.xml"
},
{
"name": "18187",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18187"
},
{
"name": "20549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20549"
},
{
"name": "xinelib-xinepluginphttp-bo(26972)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26972"
},
{
"name": "SUSE-SR:2006:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
},
{
"name": "USN-295-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/295-1/"
},
{
"name": "20828",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20828"
},
{
"name": "1852",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1852"
},
{
"name": "MDKSA-2006:108",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:108"
},
{
"name": "21919",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21919"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1105",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1105"
},
{
"name": "25936",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25936"
},
{
"name": "20369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20369"
},
{
"name": "20942",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20942"
},
{
"name": "20766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20766"
},
{
"name": "GLSA-200609-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-08.xml"
},
{
"name": "18187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18187"
},
{
"name": "20549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20549"
},
{
"name": "xinelib-xinepluginphttp-bo(26972)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26972"
},
{
"name": "SUSE-SR:2006:014",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
},
{
"name": "USN-295-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/295-1/"
},
{
"name": "20828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20828"
},
{
"name": "1852",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1852"
},
{
"name": "MDKSA-2006:108",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:108"
},
{
"name": "21919",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21919"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2802",
"datePublished": "2006-06-03T10:00:00",
"dateReserved": "2006-06-02T00:00:00",
"dateUpdated": "2024-08-07T18:06:26.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1664 (GCVE-0-2006-1664)
Vulnerability from cvelistv5
Published
2006-04-07 10:00
Modified
2024-08-07 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:49.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19856"
},
{
"name": "28666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28666"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
},
{
"name": "xinelib-mpeg-bo(25670)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
},
{
"name": "FEDORA-2008-1047",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
},
{
"name": "FEDORA-2008-1043",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
},
{
"name": "19853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19853"
},
{
"name": "17370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17370"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
},
{
"name": "1015868",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015868"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
},
{
"name": "1641",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1641"
},
{
"name": "GLSA-200604-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19856"
},
{
"name": "28666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28666"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
},
{
"name": "xinelib-mpeg-bo(25670)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
},
{
"name": "FEDORA-2008-1047",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
},
{
"name": "FEDORA-2008-1043",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
},
{
"name": "19853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19853"
},
{
"name": "17370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17370"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
},
{
"name": "1015868",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015868"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
},
{
"name": "1641",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1641"
},
{
"name": "GLSA-200604-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19856"
},
{
"name": "28666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28666"
},
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
},
{
"name": "xinelib-mpeg-bo(25670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
},
{
"name": "FEDORA-2008-1047",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
},
{
"name": "FEDORA-2008-1043",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
},
{
"name": "19853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19853"
},
{
"name": "17370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17370"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=128838",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
},
{
"name": "1015868",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015868"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
},
{
"name": "1641",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1641"
},
{
"name": "GLSA-200604-16",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1664",
"datePublished": "2006-04-07T10:00:00",
"dateReserved": "2006-04-07T00:00:00",
"dateUpdated": "2024-08-07T17:19:49.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1482 (GCVE-0-2008-1482)
Vulnerability from cvelistv5
Published
2008-03-24 22:00
Modified
2024-08-07 08:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0981/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=438663"
},
{
"name": "29622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29622"
},
{
"name": "GLSA-200808-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"name": "SUSE-SR:2008:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"name": "3769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3769"
},
{
"name": "DSA-1586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"name": "FEDORA-2008-2945",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html"
},
{
"name": "29484",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29484"
},
{
"name": "29756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29756"
},
{
"name": "29600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29600"
},
{
"name": "29740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29740"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31393"
},
{
"name": "MDVSA-2008:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/xinehof.zip"
},
{
"name": "xinelib-multiple-bo(41350)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350"
},
{
"name": "FEDORA-2008-2849",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html"
},
{
"name": "SSA:2008-092-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.441137"
},
{
"name": "28370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28370"
},
{
"name": "20080320 Multiple heap overflows in xine-lib 1.1.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489894/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/xinehof-adv.txt"
},
{
"name": "31372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31372"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0981/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=438663"
},
{
"name": "29622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29622"
},
{
"name": "GLSA-200808-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"name": "SUSE-SR:2008:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"name": "3769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3769"
},
{
"name": "DSA-1586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"name": "FEDORA-2008-2945",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html"
},
{
"name": "29484",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29484"
},
{
"name": "29756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29756"
},
{
"name": "29600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29600"
},
{
"name": "29740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29740"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31393"
},
{
"name": "MDVSA-2008:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/xinehof.zip"
},
{
"name": "xinelib-multiple-bo(41350)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350"
},
{
"name": "FEDORA-2008-2849",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html"
},
{
"name": "SSA:2008-092-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.441137"
},
{
"name": "28370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28370"
},
{
"name": "20080320 Multiple heap overflows in xine-lib 1.1.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489894/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/xinehof-adv.txt"
},
{
"name": "31372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31372"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30337"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0981/references"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=438663",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=438663"
},
{
"name": "29622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29622"
},
{
"name": "GLSA-200808-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"name": "SUSE-SR:2008:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"name": "3769",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3769"
},
{
"name": "DSA-1586",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"name": "FEDORA-2008-2945",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html"
},
{
"name": "29484",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29484"
},
{
"name": "29756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29756"
},
{
"name": "29600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29600"
},
{
"name": "29740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29740"
},
{
"name": "31393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31393"
},
{
"name": "MDVSA-2008:178",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"name": "http://aluigi.org/poc/xinehof.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/xinehof.zip"
},
{
"name": "xinelib-multiple-bo(41350)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350"
},
{
"name": "FEDORA-2008-2849",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html"
},
{
"name": "SSA:2008-092-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.441137"
},
{
"name": "28370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28370"
},
{
"name": "20080320 Multiple heap overflows in xine-lib 1.1.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489894/100/0/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/xinehof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/xinehof-adv.txt"
},
{
"name": "31372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31372"
},
{
"name": "USN-635-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30337"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1482",
"datePublished": "2008-03-24T22:00:00",
"dateReserved": "2008-03-24T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3231 (GCVE-0-2008-3231)
Vulnerability from cvelistv5
Published
2008-07-18 16:00
Modified
2024-08-07 09:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xine-ogg-dos(44040)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44040"
},
{
"name": "[oss-security] 20080713 CVE requests: crashers by zzuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/3"
},
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020703"
},
{
"name": "30699",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30699"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xine-ogg-dos(44040)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44040"
},
{
"name": "[oss-security] 20080713 CVE requests: crashers by zzuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/3"
},
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020703"
},
{
"name": "30699",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30699"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xine-ogg-dos(44040)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44040"
},
{
"name": "[oss-security] 20080713 CVE requests: crashers by zzuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/3"
},
{
"name": "1020703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020703"
},
{
"name": "30699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30699"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "ADV-2008-2382",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3231",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-07-18T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5239 (GCVE-0-2008-5239)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "xinelib-multiple-inputplugin-bo(44651)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44651"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "xinelib-multiple-inputplugin-bo(44651)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44651"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33544"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "xinelib-multiple-inputplugin-bo(44651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44651"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5239",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5242 (GCVE-0-2008-5242)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/30797 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44657 | vdb-entry, x_refsource_XF | |
| http://www.ocert.org/analysis/2008-008/analysis.txt | x_refsource_MISC | |
| http://securityreason.com/securityalert/4648 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/31827 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/archive/1/495674/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "xinelib-demuxqtc-stsdatom-dos(44657)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "xinelib-demuxqtc-stsdatom-dos(44657)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "xinelib-demuxqtc-stsdatom-dos(44657)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44657"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5242",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2200 (GCVE-0-2006-2200)
Vulnerability from cvelistv5
Published
2006-06-27 19:00
Modified
2024-08-07 17:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23512",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23512"
},
{
"name": "USN-315-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-315-1"
},
{
"name": "ADV-2006-2487",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2487"
},
{
"name": "21036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21036"
},
{
"name": "MDKSA-2006:117",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:117"
},
{
"name": "SSA:2006-357-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.433842"
},
{
"name": "USN-309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-309-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=468432"
},
{
"name": "MDKSA-2006:121",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577"
},
{
"name": "18608",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18608"
},
{
"name": "20749",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20749"
},
{
"name": "21023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21023"
},
{
"name": "23218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23218"
},
{
"name": "21139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21139"
},
{
"name": "20964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20964"
},
{
"name": "20948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20948"
},
{
"name": "GLSA-200607-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200607-07.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-07-11T09:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "23512",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23512"
},
{
"name": "USN-315-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-315-1"
},
{
"name": "ADV-2006-2487",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2487"
},
{
"name": "21036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21036"
},
{
"name": "MDKSA-2006:117",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:117"
},
{
"name": "SSA:2006-357-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.433842"
},
{
"name": "USN-309-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-309-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=468432"
},
{
"name": "MDKSA-2006:121",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577"
},
{
"name": "18608",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18608"
},
{
"name": "20749",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20749"
},
{
"name": "21023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21023"
},
{
"name": "23218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23218"
},
{
"name": "21139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21139"
},
{
"name": "20964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20964"
},
{
"name": "20948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20948"
},
{
"name": "GLSA-200607-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200607-07.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-2200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23512"
},
{
"name": "USN-315-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-315-1"
},
{
"name": "ADV-2006-2487",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2487"
},
{
"name": "21036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21036"
},
{
"name": "MDKSA-2006:117",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:117"
},
{
"name": "SSA:2006-357-05",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.433842"
},
{
"name": "USN-309-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-309-1"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=468432",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=468432"
},
{
"name": "MDKSA-2006:121",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:121"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577"
},
{
"name": "18608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18608"
},
{
"name": "20749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20749"
},
{
"name": "21023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21023"
},
{
"name": "23218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23218"
},
{
"name": "21139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21139"
},
{
"name": "20964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20964"
},
{
"name": "20948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20948"
},
{
"name": "GLSA-200607-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200607-07.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-2200",
"datePublished": "2006-06-27T19:00:00",
"dateReserved": "2006-05-04T00:00:00",
"dateUpdated": "2024-08-07T17:43:28.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0486 (GCVE-0-2008-0486)
Vulnerability from cvelistv5
Published
2008-02-05 11:00
Modified
2024-08-07 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3608",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3608"
},
{
"name": "28989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28989"
},
{
"name": "ADV-2008-0406",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0406/references"
},
{
"name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html"
},
{
"name": "28918",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28918"
},
{
"name": "ADV-2008-0421",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0421"
},
{
"name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487501/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mplayerhq.hu/design7/news.html"
},
{
"name": "MDVSA-2008:046",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046"
},
{
"name": "MDVSA-2008:045",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"name": "28955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28955"
},
{
"name": "28779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2103"
},
{
"name": "29307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29307"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31393"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431541"
},
{
"name": "GLSA-200802-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-12.xml"
},
{
"name": "29601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29601"
},
{
"name": "DSA-1496",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1496"
},
{
"name": "SUSE-SR:2008:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
},
{
"name": "29141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29141"
},
{
"name": "GLSA-200803-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-16.xml"
},
{
"name": "FEDORA-2008-1581",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html"
},
{
"name": "29323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29323"
},
{
"name": "FEDORA-2008-1543",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html"
},
{
"name": "28956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28956"
},
{
"name": "DSA-1536",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1536"
},
{
"name": "27441",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=574735"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.xine-project.org/show_bug.cgi?id=38"
},
{
"name": "28801",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28801"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3608",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3608"
},
{
"name": "28989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28989"
},
{
"name": "ADV-2008-0406",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0406/references"
},
{
"name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html"
},
{
"name": "28918",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28918"
},
{
"name": "ADV-2008-0421",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0421"
},
{
"name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487501/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mplayerhq.hu/design7/news.html"
},
{
"name": "MDVSA-2008:046",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046"
},
{
"name": "MDVSA-2008:045",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"name": "28955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28955"
},
{
"name": "28779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2103"
},
{
"name": "29307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29307"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31393"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431541"
},
{
"name": "GLSA-200802-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-12.xml"
},
{
"name": "29601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29601"
},
{
"name": "DSA-1496",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1496"
},
{
"name": "SUSE-SR:2008:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
},
{
"name": "29141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29141"
},
{
"name": "GLSA-200803-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-16.xml"
},
{
"name": "FEDORA-2008-1581",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html"
},
{
"name": "29323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29323"
},
{
"name": "FEDORA-2008-1543",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html"
},
{
"name": "28956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28956"
},
{
"name": "DSA-1536",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1536"
},
{
"name": "27441",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=574735"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.xine-project.org/show_bug.cgi?id=38"
},
{
"name": "28801",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28801"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3608",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3608"
},
{
"name": "28989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28989"
},
{
"name": "ADV-2008-0406",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0406/references"
},
{
"name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html"
},
{
"name": "28918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28918"
},
{
"name": "ADV-2008-0421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0421"
},
{
"name": "20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487501/100/0/threaded"
},
{
"name": "http://www.mplayerhq.hu/design7/news.html",
"refsource": "CONFIRM",
"url": "http://www.mplayerhq.hu/design7/news.html"
},
{
"name": "MDVSA-2008:046",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046"
},
{
"name": "MDVSA-2008:045",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"name": "28955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28955"
},
{
"name": "28779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28779"
},
{
"name": "http://www.coresecurity.com/?action=item\u0026id=2103",
"refsource": "MISC",
"url": "http://www.coresecurity.com/?action=item\u0026id=2103"
},
{
"name": "29307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29307"
},
{
"name": "31393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31393"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=431541",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431541"
},
{
"name": "GLSA-200802-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-12.xml"
},
{
"name": "29601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29601"
},
{
"name": "DSA-1496",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1496"
},
{
"name": "SUSE-SR:2008:006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
},
{
"name": "29141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29141"
},
{
"name": "GLSA-200803-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-16.xml"
},
{
"name": "FEDORA-2008-1581",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html"
},
{
"name": "29323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29323"
},
{
"name": "FEDORA-2008-1543",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html"
},
{
"name": "28956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28956"
},
{
"name": "DSA-1536",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1536"
},
{
"name": "27441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27441"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=574735",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=574735"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=209106",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209106"
},
{
"name": "http://bugs.xine-project.org/show_bug.cgi?id=38",
"refsource": "CONFIRM",
"url": "http://bugs.xine-project.org/show_bug.cgi?id=38"
},
{
"name": "28801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28801"
},
{
"name": "USN-635-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-635-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0486",
"datePublished": "2008-02-05T11:00:00",
"dateReserved": "2008-01-29T00:00:00",
"dateUpdated": "2024-08-07T07:46:55.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2967 (GCVE-0-2005-2967)
Vulnerability from cvelistv5
Published
2005-10-14 04:00
Modified
2024-08-07 22:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15044",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15044"
},
{
"name": "17132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17132"
},
{
"name": "MDKSA-2005:180",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180"
},
{
"name": "17282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17282"
},
{
"name": "17097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17097"
},
{
"name": "19892",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19892"
},
{
"name": "SSA:2005-283-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.415454"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/security/XSA-2005-1"
},
{
"name": "DSA-863",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-863"
},
{
"name": "20051008 xine/gxine CD Player Remote Format String Bug",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "17111",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17111"
},
{
"name": "GLSA-200510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml"
},
{
"name": "USN-196-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-196-1"
},
{
"name": "17179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17179"
},
{
"name": "17162",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17162"
},
{
"name": "17099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17099/"
},
{
"name": "xinelib-inputcdda-format-string(22545)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "15044",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15044"
},
{
"name": "17132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17132"
},
{
"name": "MDKSA-2005:180",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180"
},
{
"name": "17282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17282"
},
{
"name": "17097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17097"
},
{
"name": "19892",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19892"
},
{
"name": "SSA:2005-283-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.415454"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/security/XSA-2005-1"
},
{
"name": "DSA-863",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-863"
},
{
"name": "20051008 xine/gxine CD Player Remote Format String Bug",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "17111",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17111"
},
{
"name": "GLSA-200510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml"
},
{
"name": "USN-196-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-196-1"
},
{
"name": "17179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17179"
},
{
"name": "17162",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17162"
},
{
"name": "17099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17099/"
},
{
"name": "xinelib-inputcdda-format-string(22545)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-2967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15044"
},
{
"name": "17132",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17132"
},
{
"name": "MDKSA-2005:180",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180"
},
{
"name": "17282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17282"
},
{
"name": "17097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17097"
},
{
"name": "19892",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19892"
},
{
"name": "SSA:2005-283-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.415454"
},
{
"name": "http://xinehq.de/index.php/security/XSA-2005-1",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/security/XSA-2005-1"
},
{
"name": "DSA-863",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-863"
},
{
"name": "20051008 xine/gxine CD Player Remote Format String Bug",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html"
},
{
"name": "SUSE-SR:2005:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "17111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17111"
},
{
"name": "GLSA-200510-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml"
},
{
"name": "USN-196-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-196-1"
},
{
"name": "17179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17179"
},
{
"name": "17162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17162"
},
{
"name": "17099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17099/"
},
{
"name": "xinelib-inputcdda-format-string(22545)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-2967",
"datePublished": "2005-10-14T04:00:00",
"dateReserved": "2005-09-19T00:00:00",
"dateUpdated": "2024-08-07T22:53:29.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5243 (GCVE-0-2008-5243)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:11.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"name": "xinelib-realparseheader-dos(44658)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to \"reindex into an allocated buffer,\" which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"name": "xinelib-realparseheader-dos(44658)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to \"reindex into an allocated buffer,\" which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33544"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"name": "xinelib-realparseheader-dos(44658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5243",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:11.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5247 (GCVE-0-2008-5247)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/30797 | vdb-entry, x_refsource_BID | |
| http://www.ocert.org/analysis/2008-008/analysis.txt | x_refsource_MISC | |
| http://securityreason.com/securityalert/4648 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/31827 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/archive/1/495674/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5247",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1110 (GCVE-0-2008-1110)
Vulnerability from cvelistv5
Published
2008-02-29 19:00
Modified
2024-08-07 08:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.
References
| ▼ | URL | Tags |
|---|---|---|
| http://xinehq.de/index.php/security | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41019 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/31393 | third-party-advisory, x_refsource_SECUNIA | |
| http://xinehq.de/index.php/news | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-200802-12.xml | vendor-advisory, x_refsource_GENTOO | |
| http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608 | x_refsource_CONFIRM | |
| http://bugs.gentoo.org/show_bug.cgi?id=208100 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:178 | vendor-advisory, x_refsource_MANDRIVA | |
| http://secunia.com/advisories/29141 | third-party-advisory, x_refsource_SECUNIA | |
| http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset%3Bnode=fb6d089b520dca199ef16a046da28c50c984c2d2%3Bstyle=gitweb | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/1641 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.ubuntu.com/usn/usn-635-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/security"
},
{
"name": "xinelib-demuxasf-bo(41019)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41019"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31393"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/news"
},
{
"name": "GLSA-200802-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-12.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=208100"
},
{
"name": "MDVSA-2008:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"name": "29141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29141"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset%3Bnode=fb6d089b520dca199ef16a046da28c50c984c2d2%3Bstyle=gitweb"
},
{
"name": "1641",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1641"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/security"
},
{
"name": "xinelib-demuxasf-bo(41019)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41019"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31393"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/news"
},
{
"name": "GLSA-200802-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-12.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=208100"
},
{
"name": "MDVSA-2008:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"name": "29141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29141"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset%3Bnode=fb6d089b520dca199ef16a046da28c50c984c2d2%3Bstyle=gitweb"
},
{
"name": "1641",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1641"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xinehq.de/index.php/security",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/security"
},
{
"name": "xinelib-demuxasf-bo(41019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41019"
},
{
"name": "31393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31393"
},
{
"name": "http://xinehq.de/index.php/news",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/news"
},
{
"name": "GLSA-200802-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-12.xml"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=208100",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=208100"
},
{
"name": "MDVSA-2008:178",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"name": "29141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29141"
},
{
"name": "http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=fb6d089b520dca199ef16a046da28c50c984c2d2;style=gitweb",
"refsource": "CONFIRM",
"url": "http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=fb6d089b520dca199ef16a046da28c50c984c2d2;style=gitweb"
},
{
"name": "1641",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1641"
},
{
"name": "USN-635-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-635-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1110",
"datePublished": "2008-02-29T19:00:00",
"dateReserved": "2008-02-29T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1476 (GCVE-0-2004-1476)
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/11206 | vdb-entry, x_refsource_BID | |
| http://xinehq.de/index.php/security/XSA-2004-4 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml | vendor-advisory, x_refsource_GENTOO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17431 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"name": "xine-videocd-disk-bo(17431)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"name": "xine-videocd-disk-bo(17431)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11206"
},
{
"name": "http://xinehq.de/index.php/security/XSA-2004-4",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"name": "xine-videocd-disk-bo(17431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1476",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0238 (GCVE-0-2008-0238)
Vulnerability from cvelistv5
Published
2008-01-11 21:00
Modified
2024-08-07 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:045 | vendor-advisory, x_refsource_MANDRIVA | |
| http://secunia.com/advisories/28955 | third-party-advisory, x_refsource_SECUNIA | |
| http://security.gentoo.org/glsa/glsa-200801-12.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/31393 | third-party-advisory, x_refsource_SECUNIA | |
| http://bugs.gentoo.org/show_bug.cgi?id=205197 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/28384 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/28674 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ubuntu.com/usn/usn-635-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:020 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:35.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:045",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"name": "28955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28955"
},
{
"name": "GLSA-200801-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-12.xml"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31393"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=205197"
},
{
"name": "28384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28384"
},
{
"name": "28674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28674"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "MDVSA-2008:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-01T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:045",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"name": "28955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28955"
},
{
"name": "GLSA-200801-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-12.xml"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31393"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=205197"
},
{
"name": "28384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28384"
},
{
"name": "28674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28674"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "MDVSA-2008:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:045",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"name": "28955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28955"
},
{
"name": "GLSA-200801-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-12.xml"
},
{
"name": "31393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31393"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=205197",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=205197"
},
{
"name": "28384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28384"
},
{
"name": "28674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28674"
},
{
"name": "USN-635-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "MDVSA-2008:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0238",
"datePublished": "2008-01-11T21:00:00",
"dateReserved": "2008-01-11T00:00:00",
"dateUpdated": "2024-08-07T07:39:35.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1951 (GCVE-0-2004-1951)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/11433 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.xinehq.de/index.php/security/XSA-2004-1 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/10193 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15939 | vdb-entry, x_refsource_XF | |
| http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791 | vendor-advisory, x_refsource_SLACKWARE | |
| http://www.xinehq.de/index.php/security/XSA-2004-2 | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-200404-20.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.osvdb.org/5739 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/5594 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"name": "10193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10193"
},
{
"name": "xine-mrl-file-overwrite(15939)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
},
{
"name": "SSA:2004-111",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"name": "GLSA-200404-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"name": "5739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5739"
},
{
"name": "5594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"name": "10193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10193"
},
{
"name": "xine-mrl-file-overwrite(15939)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
},
{
"name": "SSA:2004-111",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"name": "GLSA-200404-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"name": "5739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5739"
},
{
"name": "5594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11433"
},
{
"name": "http://www.xinehq.de/index.php/security/XSA-2004-1",
"refsource": "CONFIRM",
"url": "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"name": "10193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10193"
},
{
"name": "xine-mrl-file-overwrite(15939)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
},
{
"name": "SSA:2004-111",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791"
},
{
"name": "http://www.xinehq.de/index.php/security/XSA-2004-2",
"refsource": "CONFIRM",
"url": "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"name": "GLSA-200404-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"name": "5739",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5739"
},
{
"name": "5594",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1951",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0073 (GCVE-0-2008-0073)
Vulnerability from cvelistv5
Published
2008-03-24 22:00
Modified
2024-08-07 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-10/"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "GLSA-200808-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"name": "SSA:2008-089-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408"
},
{
"name": "28312",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28312"
},
{
"name": "xinelib-sdpplinparse-bo(41339)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "FEDORA-2008-2945",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html"
},
{
"name": "SUSE-SR:2008:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"name": "29392",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29392"
},
{
"name": "FEDORA-2008-2569",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655"
},
{
"name": "28694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28694"
},
{
"name": "29740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29740"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31393"
},
{
"name": "SUSE-SR:2008:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/news"
},
{
"name": "29601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29601"
},
{
"name": "MDVSA-2008:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "ADV-2008-0923",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0923"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "MDVSA-2008:219",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29766"
},
{
"name": "1019682",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019682"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29503"
},
{
"name": "29472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29472"
},
{
"name": "DSA-1536",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1536"
},
{
"name": "29578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29578"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
},
{
"name": "31372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31372"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-10/"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "GLSA-200808-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"name": "SSA:2008-089-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408"
},
{
"name": "28312",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28312"
},
{
"name": "xinelib-sdpplinparse-bo(41339)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "FEDORA-2008-2945",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html"
},
{
"name": "SUSE-SR:2008:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"name": "29392",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29392"
},
{
"name": "FEDORA-2008-2569",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655"
},
{
"name": "28694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28694"
},
{
"name": "29740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29740"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31393"
},
{
"name": "SUSE-SR:2008:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/news"
},
{
"name": "29601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29601"
},
{
"name": "MDVSA-2008:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "ADV-2008-0923",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0923"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "MDVSA-2008:219",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29766"
},
{
"name": "1019682",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019682"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29503"
},
{
"name": "29472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29472"
},
{
"name": "DSA-1536",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1536"
},
{
"name": "29578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29578"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
},
{
"name": "31372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31372"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-0073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2008-10/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-10/"
},
{
"name": "DSA-1543",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "GLSA-200808-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"name": "SSA:2008-089-03",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408"
},
{
"name": "28312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28312"
},
{
"name": "xinelib-sdpplinparse-bo(41339)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339"
},
{
"name": "http://www.videolan.org/security/sa0803.php",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "FEDORA-2008-2945",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html"
},
{
"name": "SUSE-SR:2008:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"name": "29392",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29392"
},
{
"name": "FEDORA-2008-2569",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655"
},
{
"name": "28694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28694"
},
{
"name": "29740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29740"
},
{
"name": "GLSA-200804-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "31393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31393"
},
{
"name": "SUSE-SR:2008:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"
},
{
"name": "http://xinehq.de/index.php/news",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/news"
},
{
"name": "29601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29601"
},
{
"name": "MDVSA-2008:178",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"name": "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource": "CONFIRM",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "ADV-2008-0923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0923"
},
{
"name": "29800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29800"
},
{
"name": "MDVSA-2008:219",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219"
},
{
"name": "29766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29766"
},
{
"name": "1019682",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019682"
},
{
"name": "29503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29503"
},
{
"name": "29472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29472"
},
{
"name": "DSA-1536",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1536"
},
{
"name": "29578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29578"
},
{
"name": "ADV-2008-0985",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0985"
},
{
"name": "31372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31372"
},
{
"name": "USN-635-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30581",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-0073",
"datePublished": "2008-03-24T22:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5248 (GCVE-0-2008-5248)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/32505 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:298 | vendor-advisory, x_refsource_MANDRIVA | |
| http://sourceforge.net/project/shownotes.php?release_id=619869 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32505",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32505"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "MDVSA-2009:298",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via \"MP3 files with metadata consisting only of separators.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-03T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32505",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32505"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "MDVSA-2009:298",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via \"MP3 files with metadata consisting only of separators.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32505"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "MDVSA-2009:298",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5248",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1195 (GCVE-0-2005-1195)
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-07 21:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:05.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mplayer-mmst-stream-bo(20175)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20175"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55\u0026r2=1.56\u0026diff_format=u"
},
{
"name": "13271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13271"
},
{
"name": "GLSA-200504-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln11"
},
{
"name": "1013771",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013771"
},
{
"name": "15712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15712"
},
{
"name": "15014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln10"
},
{
"name": "20050421 xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/lists/bugtraq/2005/Apr/0337.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18\u0026r2=1.19\u0026diff_format=u"
},
{
"name": "20050421 [PLSN-0003] - Remote exploits in MPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/396703"
},
{
"name": "15711",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15711"
},
{
"name": "mplayer-rtsp-stream-bo(20171)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mplayer-mmst-stream-bo(20175)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20175"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55\u0026r2=1.56\u0026diff_format=u"
},
{
"name": "13271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13271"
},
{
"name": "GLSA-200504-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln11"
},
{
"name": "1013771",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013771"
},
{
"name": "15712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15712"
},
{
"name": "15014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln10"
},
{
"name": "20050421 xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/lists/bugtraq/2005/Apr/0337.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18\u0026r2=1.19\u0026diff_format=u"
},
{
"name": "20050421 [PLSN-0003] - Remote exploits in MPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/396703"
},
{
"name": "15711",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15711"
},
{
"name": "mplayer-rtsp-stream-bo(20171)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mplayer-mmst-stream-bo(20175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20175"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55\u0026r2=1.56\u0026diff_format=u",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55\u0026r2=1.56\u0026diff_format=u"
},
{
"name": "13271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13271"
},
{
"name": "GLSA-200504-19",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml"
},
{
"name": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln11",
"refsource": "CONFIRM",
"url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln11"
},
{
"name": "1013771",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013771"
},
{
"name": "15712",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15712"
},
{
"name": "15014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15014"
},
{
"name": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln10",
"refsource": "CONFIRM",
"url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln10"
},
{
"name": "20050421 xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2005/Apr/0337.html"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18\u0026r2=1.19\u0026diff_format=u",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18\u0026r2=1.19\u0026diff_format=u"
},
{
"name": "20050421 [PLSN-0003] - Remote exploits in MPlayer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/396703"
},
{
"name": "15711",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15711"
},
{
"name": "mplayer-rtsp-stream-bo(20171)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1195",
"datePublished": "2005-04-21T04:00:00",
"dateReserved": "2005-04-21T00:00:00",
"dateUpdated": "2024-08-07T21:44:05.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1274 (GCVE-0-2009-1274)
Vulnerability from cvelistv5
Published
2009-04-08 18:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34593"
},
{
"name": "20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502481/100/0/threaded"
},
{
"name": "1021989",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021989"
},
{
"name": "53288",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=673233"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "MDVSA-2009:299",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299"
},
{
"name": "FEDORA-2009-3428",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html"
},
{
"name": "xinelib-demuxqt-bo(49714)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49714"
},
{
"name": "34384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34384"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
},
{
"name": "MDVSA-2009:298",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"name": "FEDORA-2009-3433",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html"
},
{
"name": "34712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34712"
},
{
"name": "ADV-2009-0937",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0937"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.xine-project.org/show_bug.cgi?id=224"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2009-005.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34593"
},
{
"name": "20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502481/100/0/threaded"
},
{
"name": "1021989",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021989"
},
{
"name": "53288",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=673233"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "MDVSA-2009:299",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299"
},
{
"name": "FEDORA-2009-3428",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html"
},
{
"name": "xinelib-demuxqt-bo(49714)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49714"
},
{
"name": "34384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34384"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
},
{
"name": "MDVSA-2009:298",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"name": "FEDORA-2009-3433",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html"
},
{
"name": "34712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34712"
},
{
"name": "ADV-2009-0937",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0937"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.xine-project.org/show_bug.cgi?id=224"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2009-005.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34593"
},
{
"name": "20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502481/100/0/threaded"
},
{
"name": "1021989",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021989"
},
{
"name": "53288",
"refsource": "OSVDB",
"url": "http://osvdb.org/53288"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=673233",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=673233"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "MDVSA-2009:299",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299"
},
{
"name": "FEDORA-2009-3428",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html"
},
{
"name": "xinelib-demuxqt-bo(49714)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49714"
},
{
"name": "34384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34384"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "MDVSA-2009:298",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"name": "FEDORA-2009-3433",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html"
},
{
"name": "34712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34712"
},
{
"name": "ADV-2009-0937",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0937"
},
{
"name": "http://bugs.xine-project.org/show_bug.cgi?id=224",
"refsource": "CONFIRM",
"url": "http://bugs.xine-project.org/show_bug.cgi?id=224"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2009-005.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2009-005.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1274",
"datePublished": "2009-04-08T18:00:00",
"dateReserved": "2009-04-08T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1379 (GCVE-0-2004-1379)
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17423 | vdb-entry, x_refsource_XF | |
| http://slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.320308 | vendor-advisory, x_refsource_SLACKWARE | |
| http://xinehq.de/index.php/security/XSA-2004-5 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2005/dsa-657 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/11205 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xine-dvd-subpicture-bo(17423)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423"
},
{
"name": "SSA:2004-266",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-5"
},
{
"name": "DSA-657",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-657"
},
{
"name": "11205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11205"
},
{
"name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xine-dvd-subpicture-bo(17423)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423"
},
{
"name": "SSA:2004-266",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-5"
},
{
"name": "DSA-657",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-657"
},
{
"name": "11205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11205"
},
{
"name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xine-dvd-subpicture-bo(17423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423"
},
{
"name": "SSA:2004-266",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308"
},
{
"name": "http://xinehq.de/index.php/security/XSA-2004-5",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/security/XSA-2004-5"
},
{
"name": "DSA-657",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-657"
},
{
"name": "11205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11205"
},
{
"name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"name": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html",
"refsource": "CONFIRM",
"url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1379",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-19T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1187 (GCVE-0-2004-1187)
Vulnerability from cvelistv5
Published
2004-12-22 05:00
Modified
2024-08-08 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18640 | vdb-entry, x_refsource_XF | |
| http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff | x_refsource_CONFIRM | |
| http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 | vendor-advisory, x_refsource_MANDRAKE | |
| http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:11.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xine-pnatag-bo(18640)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff"
},
{
"name": "20041221 Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=176\u0026type=vulnerabilities"
},
{
"name": "MDKSA-2005:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xine-pnatag-bo(18640)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff"
},
{
"name": "20041221 Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=176\u0026type=vulnerabilities"
},
{
"name": "MDKSA-2005:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xine-pnatag-bo(18640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18640"
},
{
"name": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff",
"refsource": "CONFIRM",
"url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff"
},
{
"name": "20041221 Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=176\u0026type=vulnerabilities"
},
{
"name": "MDKSA-2005:011",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1187",
"datePublished": "2004-12-22T05:00:00",
"dateReserved": "2004-12-13T00:00:00",
"dateUpdated": "2024-08-08T00:46:11.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1686 (GCVE-0-2008-1686)
Vulnerability from cvelistv5
Published
2008-04-08 18:00
Modified
2024-08-07 08:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-611-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-611-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=592185"
},
{
"name": "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded"
},
{
"name": "ADV-2008-1302",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1302/references"
},
{
"name": "MDVSA-2008:124",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124"
},
{
"name": "1019875",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019875"
},
{
"name": "29878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29878"
},
{
"name": "29898",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29898"
},
{
"name": "FEDORA-2008-3103",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html"
},
{
"name": "ADV-2008-1269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1269/references"
},
{
"name": "29866",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29866"
},
{
"name": "DSA-1586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"name": "30117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30117"
},
{
"name": "[Speex-dev] 20080406 libfishsound 0.9.1 Release",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html"
},
{
"name": "30104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30104"
},
{
"name": "ADV-2008-1300",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1300/references"
},
{
"name": "29727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29727"
},
{
"name": "ADV-2008-1301",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1301/references"
},
{
"name": "USN-611-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-611-3"
},
{
"name": "29672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29672"
},
{
"name": "SUSE-SR:2008:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"name": "DSA-1585",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1585"
},
{
"name": "MDVSA-2008:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092"
},
{
"name": "30353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30353"
},
{
"name": "fishsound-libfishsound-speex-bo(41684)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684"
},
{
"name": "29835",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29835"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655"
},
{
"name": "29880",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29880"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31393"
},
{
"name": "oval:org.mitre.oval:def:10026",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-2.html"
},
{
"name": "ADV-2008-1228",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1228/references"
},
{
"name": "DSA-1584",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1584"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-004.html"
},
{
"name": "ADV-2008-1268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1268/references"
},
{
"name": "29845",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29845"
},
{
"name": "USN-611-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-611-2"
},
{
"name": "RHSA-2008:0235",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html"
},
{
"name": "30358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30358"
},
{
"name": "29854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29854"
},
{
"name": "SSA:2008-111-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836"
},
{
"name": "ADV-2008-1187",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1187/references"
},
{
"name": "MDVSA-2008:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094"
},
{
"name": "29881",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29881"
},
{
"name": "MDVSA-2008:093",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093"
},
{
"name": "GLSA-200804-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-17.xml"
},
{
"name": "30119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30119"
},
{
"name": "28665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28665"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.metadecks.org/software/sweep/news.html"
},
{
"name": "FEDORA-2008-3191",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html"
},
{
"name": "FEDORA-2008-3059",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html"
},
{
"name": "29882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29882"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30337"
},
{
"name": "30581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30581"
},
{
"name": "SUSE-SR:2008:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
},
{
"name": "30717",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-611-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-611-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=592185"
},
{
"name": "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded"
},
{
"name": "ADV-2008-1302",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1302/references"
},
{
"name": "MDVSA-2008:124",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124"
},
{
"name": "1019875",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019875"
},
{
"name": "29878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29878"
},
{
"name": "29898",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29898"
},
{
"name": "FEDORA-2008-3103",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html"
},
{
"name": "ADV-2008-1269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1269/references"
},
{
"name": "29866",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29866"
},
{
"name": "DSA-1586",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"name": "30117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30117"
},
{
"name": "[Speex-dev] 20080406 libfishsound 0.9.1 Release",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html"
},
{
"name": "30104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30104"
},
{
"name": "ADV-2008-1300",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1300/references"
},
{
"name": "29727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29727"
},
{
"name": "ADV-2008-1301",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1301/references"
},
{
"name": "USN-611-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-611-3"
},
{
"name": "29672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29672"
},
{
"name": "SUSE-SR:2008:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"name": "DSA-1585",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1585"
},
{
"name": "MDVSA-2008:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092"
},
{
"name": "30353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30353"
},
{
"name": "fishsound-libfishsound-speex-bo(41684)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684"
},
{
"name": "29835",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29835"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655"
},
{
"name": "29880",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29880"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html"
},
{
"name": "31393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31393"
},
{
"name": "oval:org.mitre.oval:def:10026",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-2.html"
},
{
"name": "ADV-2008-1228",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1228/references"
},
{
"name": "DSA-1584",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1584"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-004.html"
},
{
"name": "ADV-2008-1268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1268/references"
},
{
"name": "29845",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29845"
},
{
"name": "USN-611-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-611-2"
},
{
"name": "RHSA-2008:0235",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html"
},
{
"name": "30358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30358"
},
{
"name": "29854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29854"
},
{
"name": "SSA:2008-111-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836"
},
{
"name": "ADV-2008-1187",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1187/references"
},
{
"name": "MDVSA-2008:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094"
},
{
"name": "29881",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29881"
},
{
"name": "MDVSA-2008:093",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093"
},
{
"name": "GLSA-200804-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-17.xml"
},
{
"name": "30119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30119"
},
{
"name": "28665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28665"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.metadecks.org/software/sweep/news.html"
},
{
"name": "FEDORA-2008-3191",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html"
},
{
"name": "FEDORA-2008-3059",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html"
},
{
"name": "29882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29882"
},
{
"name": "USN-635-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30337"
},
{
"name": "30581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30581"
},
{
"name": "SUSE-SR:2008:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
},
{
"name": "30717",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-611-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-611-1"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=592185",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=592185"
},
{
"name": "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded"
},
{
"name": "ADV-2008-1302",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1302/references"
},
{
"name": "MDVSA-2008:124",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124"
},
{
"name": "1019875",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019875"
},
{
"name": "29878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29878"
},
{
"name": "29898",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29898"
},
{
"name": "FEDORA-2008-3103",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html"
},
{
"name": "ADV-2008-1269",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1269/references"
},
{
"name": "29866",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29866"
},
{
"name": "DSA-1586",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"name": "30117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30117"
},
{
"name": "[Speex-dev] 20080406 libfishsound 0.9.1 Release",
"refsource": "MLIST",
"url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html"
},
{
"name": "30104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30104"
},
{
"name": "ADV-2008-1300",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1300/references"
},
{
"name": "29727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29727"
},
{
"name": "ADV-2008-1301",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1301/references"
},
{
"name": "USN-611-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-611-3"
},
{
"name": "29672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29672"
},
{
"name": "SUSE-SR:2008:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"name": "DSA-1585",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1585"
},
{
"name": "MDVSA-2008:092",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092"
},
{
"name": "30353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30353"
},
{
"name": "fishsound-libfishsound-speex-bo(41684)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684"
},
{
"name": "29835",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29835"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655"
},
{
"name": "29880",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29880"
},
{
"name": "http://blog.kfish.org/2008/04/release-libfishsound-091.html",
"refsource": "CONFIRM",
"url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html"
},
{
"name": "31393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31393"
},
{
"name": "oval:org.mitre.oval:def:10026",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026"
},
{
"name": "http://www.ocert.org/advisories/ocert-2008-2.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2008-2.html"
},
{
"name": "ADV-2008-1228",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1228/references"
},
{
"name": "DSA-1584",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1584"
},
{
"name": "http://www.ocert.org/advisories/ocert-2008-004.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2008-004.html"
},
{
"name": "ADV-2008-1268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1268/references"
},
{
"name": "29845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29845"
},
{
"name": "USN-611-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-611-2"
},
{
"name": "RHSA-2008:0235",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html"
},
{
"name": "30358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30358"
},
{
"name": "29854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29854"
},
{
"name": "SSA:2008-111-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836"
},
{
"name": "ADV-2008-1187",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1187/references"
},
{
"name": "MDVSA-2008:094",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094"
},
{
"name": "29881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29881"
},
{
"name": "MDVSA-2008:093",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093"
},
{
"name": "GLSA-200804-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-17.xml"
},
{
"name": "30119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30119"
},
{
"name": "28665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28665"
},
{
"name": "http://www.metadecks.org/software/sweep/news.html",
"refsource": "CONFIRM",
"url": "http://www.metadecks.org/software/sweep/news.html"
},
{
"name": "FEDORA-2008-3191",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html"
},
{
"name": "FEDORA-2008-3059",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html"
},
{
"name": "29882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29882"
},
{
"name": "USN-635-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30337"
},
{
"name": "30581",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30581"
},
{
"name": "SUSE-SR:2008:013",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
},
{
"name": "30717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1686",
"datePublished": "2008-04-08T18:00:00",
"dateReserved": "2008-04-06T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5244 (GCVE-0-2008-5244)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1020703 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://sourceforge.net/project/shownotes.php?release_id=619869 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5244",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5233 (GCVE-0-2008-5233)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:11.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "47747",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/47747"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "xinelib-mymngprocessheader-bo(44648)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44648"
},
{
"name": "xinelib-openmodfile-bo(44649)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44649"
},
{
"name": "xinelib-realparseaudiospecificdata-bo(44639)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44639"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "47747",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/47747"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "xinelib-mymngprocessheader-bo(44648)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44648"
},
{
"name": "xinelib-openmodfile-bo(44649)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44649"
},
{
"name": "xinelib-realparseaudiospecificdata-bo(44639)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44639"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "1020703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "47747",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/47747"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "xinelib-mymngprocessheader-bo(44648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44648"
},
{
"name": "xinelib-openmodfile-bo(44649)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44649"
},
{
"name": "xinelib-realparseaudiospecificdata-bo(44639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44639"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5233",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:11.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1188 (GCVE-0-2004-1188)
Vulnerability from cvelistv5
Published
2004-12-22 05:00
Modified
2024-08-08 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
| http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18638 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff"
},
{
"name": "MDKSA-2005:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"name": "20041221 Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=177\u0026type=vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21"
},
{
"name": "xine-pnmgetchunk-bo(18638)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18638"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff"
},
{
"name": "MDKSA-2005:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"name": "20041221 Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=177\u0026type=vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21"
},
{
"name": "xine-pnmgetchunk-bo(18638)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18638"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff",
"refsource": "CONFIRM",
"url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff"
},
{
"name": "MDKSA-2005:011",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"name": "20041221 Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=177\u0026type=vulnerabilities"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21"
},
{
"name": "xine-pnmgetchunk-bo(18638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18638"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1188",
"datePublished": "2004-12-22T05:00:00",
"dateReserved": "2004-12-13T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0433 (GCVE-0-2004-0433)
Vulnerability from cvelistv5
Published
2004-05-05 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16019 | vdb-entry, x_refsource_XF | |
| http://www.xinehq.de/index.php/security/XSA-2004-3 | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-200405-24.xml | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mplayer-rtsp-rdt-bo(16019)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16019"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-3"
},
{
"name": "GLSA-200405-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-24.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mplayer-rtsp-rdt-bo(16019)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16019"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-3"
},
{
"name": "GLSA-200405-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-24.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mplayer-rtsp-rdt-bo(16019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16019"
},
{
"name": "http://www.xinehq.de/index.php/security/XSA-2004-3",
"refsource": "CONFIRM",
"url": "http://www.xinehq.de/index.php/security/XSA-2004-3"
},
{
"name": "GLSA-200405-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200405-24.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0433",
"datePublished": "2004-05-05T04:00:00",
"dateReserved": "2004-05-03T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1455 (GCVE-0-2004-1455)
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/12194/ | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=109284737628045&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://open-security.org/advisories/6 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/10890 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16930 | vdb-entry, x_refsource_XF | |
| http://www.gentoo.org/security/en/glsa/glsa-200408-18.xml | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12194/"
},
{
"name": "20040817 Open Security Group Advisory #6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109284737628045\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://open-security.org/advisories/6"
},
{
"name": "10890",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10890"
},
{
"name": "xine-vcd-identifier-bo(16930)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16930"
},
{
"name": "GLSA-200408-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-18.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12194/"
},
{
"name": "20040817 Open Security Group Advisory #6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109284737628045\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://open-security.org/advisories/6"
},
{
"name": "10890",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10890"
},
{
"name": "xine-vcd-identifier-bo(16930)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16930"
},
{
"name": "GLSA-200408-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-18.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12194/"
},
{
"name": "20040817 Open Security Group Advisory #6",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109284737628045\u0026w=2"
},
{
"name": "http://open-security.org/advisories/6",
"refsource": "MISC",
"url": "http://open-security.org/advisories/6"
},
{
"name": "10890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10890"
},
{
"name": "xine-vcd-identifier-bo(16930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16930"
},
{
"name": "GLSA-200408-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-18.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1455",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5240 (GCVE-0-2008-5240)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "xinelib-demuxmatroska-dos(44653)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44653"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "47742",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/47742"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "xinelib-demuxmatroska-dos(44653)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44653"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "47742",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/47742"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33544"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "xinelib-demuxmatroska-dos(44653)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44653"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "47742",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/47742"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5240",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1475 (GCVE-0-2004-1475)
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/11206 | vdb-entry, x_refsource_BID | |
| http://xinehq.de/index.php/security/XSA-2004-4 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17432 | vdb-entry, x_refsource_XF | |
| http://security.gentoo.org/glsa/glsa-200408-18.xml | vendor-advisory, x_refsource_GENTOO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17430 | vdb-entry, x_refsource_XF | |
| http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "xine-subtitle-bo(17432)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432"
},
{
"name": "GLSA-200408-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200408-18.xml"
},
{
"name": "xine-videocd-mrl-bo(17430)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "xine-subtitle-bo(17432)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432"
},
{
"name": "GLSA-200408-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200408-18.xml"
},
{
"name": "xine-videocd-mrl-bo(17430)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11206"
},
{
"name": "http://xinehq.de/index.php/security/XSA-2004-4",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "xine-subtitle-bo(17432)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432"
},
{
"name": "GLSA-200408-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200408-18.xml"
},
{
"name": "xine-videocd-mrl-bo(17430)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430"
},
{
"name": "GLSA-200409-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1475",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5241 (GCVE-0-2008-5241)
Vulnerability from cvelistv5
Published
2008-11-26 01:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/30797 | vdb-entry, x_refsource_BID | |
| http://www.ocert.org/analysis/2008-008/analysis.txt | x_refsource_MISC | |
| http://securityreason.com/securityalert/4648 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/31827 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/archive/1/495674/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 | vendor-advisory, x_refsource_MANDRIVA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44656 | vdb-entry, x_refsource_XF | |
| https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:11.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "xinelib-demuxqtc-cmovatom-dos(44656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44656"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "xinelib-demuxqtc-cmovatom-dos(44656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44656"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "xinelib-demuxqtc-cmovatom-dos(44656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44656"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5241",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:11.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-04-08 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4FBA1-BC5C-43F8-AD20-7D7245382EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "066B88F9-0617-403E-9B7A-B8CAC6E76D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D88354B3-C565-480C-B45D-CB172F139E28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n qt_error parse_trak_atom en demuxers/demux_qt.c en xine-lib v1.1.16.2 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero de v\u00eddeo Quicktime, con un valor largo de contador en un elemento STTS, lo que provoca un desbordamiento de b\u00fafer basado en mont\u00edculo."
}
],
"id": "CVE-2009-1274",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-08T18:30:00.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bugs.xine-project.org/show_bug.cgi?id=224"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53288"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34593"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34712"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35416"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=673233"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502481/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34384"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021989"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.trapkit.de/advisories/TKADV2009-005.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0937"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49714"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugs.xine-project.org/show_bug.cgi?id=224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=673233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502481/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.trapkit.de/advisories/TKADV2009-005.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-11 21:46
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3884A0-FDCE-4AB1-993E-835BD5897A61",
"versionEndIncluding": "1.1.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de la pila din\u00e1mica (heap) en la funci\u00f3n rmff_dump_cont contenida en el fichero input/libreal/rmff.c de xine-lib 1.1.9, permite que atacantes remotos ejecuten c\u00f3digo arbitrario a trav\u00e9s del SDP (1) Title, (2) Author, o (3) el atributo Copyright, relacionado con la funci\u00f3n rmff_dump_header, vectores diferentes a la CVE-2008-0225. NOTA: se desconoce la procedencia de esta informaci\u00f3n; los detalles se han obtenido s\u00f3lamente de terceros."
}
],
"evaluatorSolution": "Please see the following link for more information regarding the exploit:\r\n\r\nhttp://aluigi.altervista.org/adv/xinermffhof-adv.txt",
"id": "CVE-2008-0238",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-01-11T21:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=205197"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28384"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28674"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28955"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31393"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-12.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=205197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-635-1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-09-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine | 1_alpha | |
| xine | xine | 1_beta1 | |
| xine | xine | 1_beta2 | |
| xine | xine | 1_beta3 | |
| xine | xine | 1_beta4 | |
| xine | xine | 1_beta5 | |
| xine | xine | 1_beta6 | |
| xine | xine | 1_beta7 | |
| xine | xine | 1_beta8 | |
| xine | xine | 1_beta9 | |
| xine | xine | 1_beta10 | |
| xine | xine | 1_beta11 | |
| xine | xine | 1_beta12 | |
| xine | xine | 1_rc0 | |
| xine | xine | 1_rc0a | |
| xine | xine | 1_rc1 | |
| xine | xine | 1_rc2 | |
| xine | xine | 1_rc3 | |
| xine | xine | 1_rc3a | |
| xine | xine | 1_rc3b | |
| xine | xine | 1_rc4 | |
| xine | xine | 1_rc5 | |
| xine | xine-lib | 0.9.8 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta12 | |
| xine | xine-lib | 1_rc0 | |
| xine | xine-lib | 1_rc1 | |
| xine | xine-lib | 1_rc2 | |
| xine | xine-lib | 1_rc3 | |
| xine | xine-lib | 1_rc3a | |
| xine | xine-lib | 1_rc3b | |
| xine | xine-lib | 1_rc3c | |
| xine | xine-lib | 1_rc4 | |
| xine | xine-lib | 1_rc5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine:1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "367A04A4-10DE-4CDA-BF81-349C65213169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC260B04-C616-4A6A-9773-D535EA8A45AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "72DEB448-0F57-40FD-889E-6C8AC6920C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE750368-54FD-4CCD-AFF7-B26B3A4BA539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "58476B06-9E48-4649-8761-B32FE01BA7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "76CE8EF1-0578-4E12-A87D-832978ED484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DF434D-3BE2-4BCF-A6FC-397475830FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA95FC2-2082-4367-AD3D-0F876972E5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "005EA1B5-7717-4CBD-9D21-249A5A497D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "19A33FCB-47FE-4F2E-9043-1F13805F0F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1A9A53-860B-41CF-8BFD-4792775765E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "5246E535-1B8F-4BC1-AD1D-9BFA7BF28D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "C247EF56-6E67-41DA-8C49-C9310C42B8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc0:*:*:*:*:*:*:*",
"matchCriteriaId": "9790E7B0-E2D3-4DA5-915A-D236446E1B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E5CCDF-3472-4994-A47A-5A94D10F1C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAFC4559-D7E3-4C75-8B79-85A79067E261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "99D8D224-15C4-4D15-9A04-4A1F3E1F63B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "F469DA5D-6020-4490-B671-2CEFB151C736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "283D1C9D-00E5-456E-8E82-52963B9A07F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "56D5CAA8-B9CF-4036-9BB1-B6096A0B7A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F8891F-7FE9-44F3-95A5-282E8B3BB05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F146421-8772-4B2C-B202-097BE15F8472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AF6387-6E37-4310-8893-7228DC01607E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*",
"matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field."
}
],
"id": "CVE-2004-1379",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-657"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11205"
},
{
"source": "cve@mitre.org",
"url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-5"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-17 22:05
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7557F8-5A8F-4DCE-AB62-BB6E88893443",
"versionEndIncluding": "1.1.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basada en pila en la funci\u00f3n demux_nsf_send_chunk en el src/demuxers/demux_nsf.c en xine-lib 1.1.12 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un t\u00edtulo NSF largo."
}
],
"id": "CVE-2008-1878",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-17T22:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29850"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30021"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30337"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30581"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31372"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31393"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:177"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28816"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1247/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41865"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5458"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00536.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00571.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1247/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00536.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00571.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine | 0.9.18 | |
| xine | xine | 1_rc2 | |
| xine | xine | 1_rc3 | |
| xine | xine | 1_rc4 | |
| xine | xine | 1_rc5 | |
| xine | xine-lib | 0.99 | |
| xine | xine-lib | 1_rc2 | |
| xine | xine-lib | 1_rc3 | |
| xine | xine-lib | 1_rc4 | |
| xine | xine-lib | 1_rc5 | |
| suse | suse_linux | 8.0 | |
| suse | suse_linux | 8.1 | |
| suse | suse_linux | 8.2 | |
| suse | suse_linux | 9.0 | |
| suse | suse_linux | 9.0 | |
| suse | suse_linux | 9.1 | |
| suse | suse_linux | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "61348912-55CB-4789-A1ED-9CA7BF77ACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "283D1C9D-00E5-456E-8E82-52963B9A07F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "56D5CAA8-B9CF-4036-9BB1-B6096A0B7A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AF6387-6E37-4310-8893-7228DC01607E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28CD54FE-D682-4063-B7C3-8B29B26B39AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:personal:*:*:*:*:*",
"matchCriteriaId": "D4940BE0-08CA-4B6C-ACA2-EE6EECE3E4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:personal:*:*:*:*:*",
"matchCriteriaId": "F239BA8A-6B41-4B08-8C7C-25D235812C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:personal:*:*:*:*:*",
"matchCriteriaId": "3EA56868-ACA1-4C65-9FFB-A68129D2428A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*",
"matchCriteriaId": "3BEE15E9-9194-4E37-AB3B-66ECD5AC9E11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label."
}
],
"id": "CVE-2004-1476",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-05 12:00
Modified
2025-04-09 00:30
Severity ?
Summary
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9395B548-2F82-4543-A100-86B56A52B394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow."
},
{
"lang": "es",
"value": "Vulnerabilidad de \u00edndice de array en libmpdemux/demux_audio.c de MPlayer 1.0rc2 y SVN antes de r25917, y posiblemente versiones anteriores, como se utiliz\u00f3 en Xine-lib 1.1.10. Podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una etiqueta FLAC manipulada que provoca un desbordamiento de b\u00fafer."
}
],
"id": "CVE-2008-0486",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-05T12:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209106"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.xine-project.org/show_bug.cgi?id=38"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28779"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28801"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28918"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28955"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28956"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28989"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29141"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29307"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29323"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29601"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31393"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200802-12.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200803-16.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3608"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=574735"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2103"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1496"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1536"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046"
},
{
"source": "cve@mitre.org",
"url": "http://www.mplayerhq.hu/design7/news.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487501/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27441"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0406/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0421"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431541"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.xine-project.org/show_bug.cgi?id=38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200802-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200803-16.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=574735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mplayerhq.hu/design7/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487501/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0406/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-23 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "066B88F9-0617-403E-9B7A-B8CAC6E76D5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385."
},
{
"lang": "es",
"value": "Un desbordamiento de entero en el demuxer 4xm (demuxers/demux_4xm.c) en xine-lib 1.1.16.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (con ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de pel\u00edcula 4X con un gran valor current_track. Se trata de un problema similar al de CVE-2009-0385."
}
],
"id": "CVE-2009-0698",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-23T15:30:04.110",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.xine-project.org/show_bug.cgi?id=205"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=660071"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.trapkit.de/advisories/TKADV2009-004.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-746-1"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.xine-project.org/show_bug.cgi?id=205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=660071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trapkit.de/advisories/TKADV2009-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-746-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mplayer | mplayer | 1.0_pre3try2 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_rc2 | |
| xine | xine-lib | 1_rc3a | |
| xine | xine-lib | 1_rc3b | |
| xine | xine-lib | 1_rc3c |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E74EBC5-296E-4B20-8BCB-F104D06595AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*",
"matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en cliente Real-Time Streaming Protocol (RTSP) de (1) MPlayer anteriores a 1.0pre4 y (2) xine lib (xine-lib) anteriores a 1-rc4, cuando reproduce secuencias Real trsp (realrtsp), que permiten a atacantes remotos causar una denegaci\u00f3n de servivio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su eleccion mediante (a) URLs largas, (b) respuestas de servidor Real largas, o (c) paquetes de transporte de datos Real (RDT) largos."
}
],
"id": "CVE-2004-0433",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-24.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.xinehq.de/index.php/security/XSA-2004-3"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-24.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.xinehq.de/index.php/security/XSA-2004-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-08 18:05
Modified
2025-04-09 00:30
Severity ?
Summary
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.8 | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 0.99 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xiph | speex | * | |
| xiph | speex | 1.0.2 | |
| xiph | speex | 1.0.3 | |
| xiph | speex | 1.0.4 | |
| xiph | speex | 1.0.5 | |
| xiph | speex | 1.1.1 | |
| xiph | speex | 1.1.2 | |
| xiph | speex | 1.1.3 | |
| xiph | speex | 1.1.4 | |
| xiph | speex | 1.1.5 | |
| xiph | speex | 1.1.6 | |
| xiph | speex | 1.1.7 | |
| xiph | speex | 1.1.8 | |
| xiph | speex | 1.1.9 | |
| xiph | speex | 1.1.10 | |
| xiph | speex | 1.1.11 | |
| xiph | speex | 1.1.11.1 | |
| xiph | libfishsound | * | |
| xiph | libfishsound | 0.5.41 | |
| xiph | libfishsound | 0.5.42 | |
| xiph | libfishsound | 0.6.0 | |
| xiph | libfishsound | 0.6.1 | |
| xiph | libfishsound | 0.6.2 | |
| xiph | libfishsound | 0.6.3 | |
| xiph | libfishsound | 0.7.0 | |
| xiph | libfishsound | 0.8.0 | |
| xiph | libfishsound | 0.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4432BC00-44D6-4ED9-B642-1BF8C81B6EAD",
"versionEndIncluding": "1.1.11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xiph:speex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3B238B-BE7C-4912-A56A-95DE5051846E",
"versionEndIncluding": "1.1.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95BC5FA0-E710-42D4-8BF0-4D30BC44C833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8789D167-6DF2-46B7-ABA2-717E141738BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B93DC9BF-7CA8-4729-9A3D-F1CB711E1D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F04629EA-2BE2-42D5-9AC7-DDC7AB1818FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3873FDB9-80A9-4968-B0DC-84201AE1C78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7339D59-8049-4172-BB68-134F9B50E896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5D762BB7-7A35-4D2A-9EC7-A328197F1EAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46825B5B-B8A2-4FEB-991D-F2AE174A8C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3BC3CC-07AA-445F-8913-E1FABC60C2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9ACE9F82-E352-47C7-BA34-C97E4FB759FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CFF577A-41DB-49B8-BA00-00650DA10DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9655A71E-C2E4-4003-BBA7-05BD29375621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3E545096-41AC-4DF0-92B4-747CC1F1FE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "08E27446-B68B-4213-9FD1-3C3A8941BA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0B0BC2-C155-460B-A8CB-0CF0C04896BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:speex:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA06646-FCDF-427D-84B1-99D8C6889CC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xiph:libfishsound:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68C981F1-832E-46A5-99CB-ECC3B46D21DD",
"versionEndIncluding": "0.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:libfishsound:0.5.41:*:*:*:*:*:*:*",
"matchCriteriaId": "FE5D47C5-1171-4A95-82CC-DA965D893F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:libfishsound:0.5.42:*:*:*:*:*:*:*",
"matchCriteriaId": "585368E9-36BB-45F6-A427-AF8578AA9347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:libfishsound:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72C4DD65-8354-40DE-B05F-6742A67C8BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:libfishsound:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55901750-2FB5-4C4E-A1C9-8204D16FEBC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:libfishsound:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "022A0430-895C-46EA-A0C6-BA7492443901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:libfishsound:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCA2B56-BB40-40AD-97F8-3AFCD2A66C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:libfishsound:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76C7D68C-FEA1-4DC6-9FC4-A32AF894472C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:libfishsound:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B42ED6-243E-427D-86F3-46EEC0DF282D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xiph:libfishsound:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30743A63-4AA4-4812-9026-04A8FC1308ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer."
},
{
"lang": "es",
"value": "Una vulnerabilidad de \u00edndice de matriz en Speex versi\u00f3n 1.1.12 y anteriores, tal y como es usado en libfishsound versi\u00f3n 0.9.0 y anteriores, incluyendo Illiminable DirectShow Filters y Annodex Plugins para Firefox, xine-lib versiones anteriores a 1.1.12, y muchos otros productos, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una estructura de encabezado que contiene un desplazamiento negativo, que se utiliza para desreferenciar un puntero de funci\u00f3n."
}
],
"id": "CVE-2008-1686",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-08T18:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29672"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29727"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29835"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29845"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29854"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29866"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29878"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29880"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29881"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29882"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29898"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30104"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30117"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30119"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30337"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30353"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30358"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30581"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30717"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31393"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200804-17.xml"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=592185"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1584"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1585"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124"
},
{
"source": "cve@mitre.org",
"url": "http://www.metadecks.org/software/sweep/news.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/advisories/ocert-2008-004.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/advisories/ocert-2008-2.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28665"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019875"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-611-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-611-2"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-611-3"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1187/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1228/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1268/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1269/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1300/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1301/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1302/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200804-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=592185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.metadecks.org/software/sweep/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/advisories/ocert-2008-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/advisories/ocert-2008-2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-611-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-611-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-611-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1187/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1228/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1268/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1269/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1300/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1301/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1302/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 | |
| xine | xine-lib | 1.1.14 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_beta12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED",
"versionEndIncluding": "1.1.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en xine-lib anterior a v1.1.15, tiene un impacto desconocido y vectores de ataque relacionados con libfaad. NOTA: Debido a la falta de detalles, no est\u00e1 claro si es una vulnerabilidad que afecta a xine-lib o a libfaad."
}
],
"id": "CVE-2008-5244",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-26T01:30:00.670",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_beta12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA01448-09E3-4DA9-A817-BFD7A4460F66",
"versionEndIncluding": "1.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en xine-lib anterior a 1.1.15; permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a a trav\u00e9s de vectores que env\u00edan datos ID3 a las funciones (1) id3v22_interp_frame Y (2) id3v24_interp_frame en src/demuxers/id3.c. NOTA: El origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros."
}
],
"id": "CVE-2008-5246",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.717",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/47677"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30698"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/47677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44468"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 | |
| xine | xine-lib | 1.1.14 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_beta12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED",
"versionEndIncluding": "1.1.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value."
},
{
"lang": "es",
"value": "La funci\u00f3n real_parse_audio_specific_data en demux_real.c en xine-lib v1.1.12, y otros 1.1.15 y versiones anteriores, utiliza un valor de altura no confiable (tambi\u00e9n conocido como codec_data_length) como divisor, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (error de dicisi\u00f3n por cero y ca\u00edda) mediante un valor cero."
}
],
"id": "CVE-2008-5247",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.733",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 | |
| xine | xine-lib | 1.1.14 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_beta12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED",
"versionEndIncluding": "1.1.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM)."
},
{
"lang": "es",
"value": "Desbordamiento inferior de b\u00fafer en demux_qt.c en xine-lib 1.1.12, y otras 1.1.15 y versiones anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un archivo media manipulado que resulta en un valor peque\u00f1o de moov_atom_size en un MOV comprimido (tambi\u00e9n conocido como CMOV_ATOM)."
}
],
"id": "CVE-2008-5241",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.627",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44656"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-14 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD."
}
],
"id": "CVE-2005-2967",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-14T10:02:00.000",
"references": [
{
"source": "security@debian.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17097"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17099/"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17111"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17132"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17162"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17179"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17282"
},
{
"source": "security@debian.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.415454"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-863"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml"
},
{
"source": "security@debian.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180"
},
{
"source": "security@debian.org",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"source": "security@debian.org",
"url": "http://www.osvdb.org/19892"
},
{
"source": "security@debian.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15044"
},
{
"source": "security@debian.org",
"url": "http://www.ubuntu.com/usn/usn-196-1"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xinehq.de/index.php/security/XSA-2005-1"
},
{
"source": "security@debian.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17099/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.415454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-196-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xinehq.de/index.php/security/XSA-2005-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-24 22:44
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de entero en xine-lib 1.1.11 y anteriores permiten a atacantes remotos disparar desbordamientos de b\u00fafer basados en mont\u00edculo y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) un archivo .FLV manipulado, que dispara un desbordamiento en demuxers/demux_flv.c; (2) un archivo .MOV manipulado, que dispara un desbordamiento en demuxers/demux_qt.c; (3) un archivo .RM manipulado, que dispara un desbordamiento en demuxers/demux_real.c; (4) un archivo .MVE manipulado, que dispara un desbordamiento en demuxers/demux_wvc3movie.c; (5) un archivo .MKV manipulado, que dispara un desbordamiento en demuxers/ebml.c; o (6) un archivo .CAK manipulado, que dispara un desbordamiento en demuxers/demux_film.c."
}
],
"id": "CVE-2008-1482",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-03-24T22:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/xinehof-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.org/poc/xinehof.zip"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29484"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29600"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29622"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29740"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29756"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30337"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31372"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31393"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3769"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.441137"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489894/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28370"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0981/references"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=438663"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/xinehof-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.org/poc/xinehof.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.441137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489894/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0981/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=438663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-29 19:44
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-plugin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3884A0-FDCE-4AB1-993E-835BD5897A61",
"versionEndIncluding": "1.1.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-plugin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FD9EFC-8213-4543-B57E-5BCD4929487A",
"versionEndIncluding": "1.1.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en demuxers/demux_asf.c (tambi\u00e9n conocido como ASF demuxer) en la extensi\u00f3n xineplug_dmx_asf.so de xine-lib before 1.1.10 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una cabecera ASF manipulada.\r\nNOTA: esta cuesti\u00f3n provoca una ca\u00edda cuando un atacante utiliza el c\u00f3digo del exploit CVE-2006-1664, pero esto es diferente a CVE-2006-1664."
}
],
"id": "CVE-2008-1110",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-29T19:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=208100"
},
{
"source": "cve@mitre.org",
"url": "http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset%3Bnode=fb6d089b520dca199ef16a046da28c50c984c2d2%3Bstyle=gitweb"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29141"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31393"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200802-12.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://xinehq.de/index.php/news"
},
{
"source": "cve@mitre.org",
"url": "http://xinehq.de/index.php/security"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41019"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/1641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=208100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset%3Bnode=fb6d089b520dca199ef16a046da28c50c984c2d2%3Bstyle=gitweb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200802-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://xinehq.de/index.php/news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://xinehq.de/index.php/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/1641"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-03 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:gxine:0.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1EB1CC9F-3531-47B8-8638-734BF697F235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el HTTP Plugin (xineplug_inp_http.so) para xine-lib 1.1.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una respuesta larga de un servidor HTTP, seg\u00fan lo demostrado usando gxine 0.5.6."
}
],
"id": "CVE-2006-2802",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-03T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20369"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20549"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20766"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20828"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20942"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21919"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200609-08.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1105"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:108"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/25936"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18187"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26972"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/295-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/1852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200609-08.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/25936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/295-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/1852"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD73BA0-D315-4ADA-A942-8DCC2A920B28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*",
"matchCriteriaId": "710ACCE6-B3E3-474A-B78B-5A123EC24DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*",
"matchCriteriaId": "55D3C3E6-862E-470E-8CEA-4B333B906172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "30D6A539-5523-4E52-854A-82CDCDBDFC45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "CA841B0B-8FA9-45F9-9B60-7C9BD1A92E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "91907AEA-D84F-4DD9-AD22-41E563182FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D200DE0F-D8BB-460D-928E-E59473F84B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*",
"matchCriteriaId": "5103A1E1-670A-4527-9FB8-9D8B0DA506D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "500E5BD7-3F17-455F-8463-50B145128873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE4C532-1756-4B2E-94EE-8F8253281F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6875BE-67F1-4E0E-A610-7B6EDBAB6431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E74EBC5-296E-4B20-8BCB-F104D06595AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "29A09BDA-DA05-4512-9E39-14819C410CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5650520-0CCA-47C1-A7B8-8A6129BE6B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1FAB76-B1DB-400E-9224-09E82D9A8847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D18950-F883-47D1-B95B-6F46F2F6F701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:head_cvs:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5D1CF3-66DF-4000-BEC7-760367856891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BC5DCF4D-41B4-45D3-8F7C-6985A8B15888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "61348912-55CB-4789-A1ED-9CA7BF77ACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "367A04A4-10DE-4CDA-BF81-349C65213169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC260B04-C616-4A6A-9773-D535EA8A45AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "72DEB448-0F57-40FD-889E-6C8AC6920C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE750368-54FD-4CCD-AFF7-B26B3A4BA539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "58476B06-9E48-4649-8761-B32FE01BA7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "76CE8EF1-0578-4E12-A87D-832978ED484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DF434D-3BE2-4BCF-A6FC-397475830FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA95FC2-2082-4367-AD3D-0F876972E5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "005EA1B5-7717-4CBD-9D21-249A5A497D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "19A33FCB-47FE-4F2E-9043-1F13805F0F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1A9A53-860B-41CF-8BFD-4792775765E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "5246E535-1B8F-4BC1-AD1D-9BFA7BF28D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "C247EF56-6E67-41DA-8C49-C9310C42B8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc0:*:*:*:*:*:*:*",
"matchCriteriaId": "9790E7B0-E2D3-4DA5-915A-D236446E1B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E5CCDF-3472-4994-A47A-5A94D10F1C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAFC4559-D7E3-4C75-8B79-85A79067E261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "99D8D224-15C4-4D15-9A04-4A1F3E1F63B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "F469DA5D-6020-4490-B671-2CEFB151C736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "283D1C9D-00E5-456E-8E82-52963B9A07F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "56D5CAA8-B9CF-4036-9BB1-B6096A0B7A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65FB6DA-EDA1-4727-9896-6A27FAB555BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc6a:*:*:*:*:*:*:*",
"matchCriteriaId": "45DC5988-4C25-49CA-BB7C-5933EDD8F460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7B24F7-BDE5-4EE7-8141-70777B7BAFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc8:*:*:*:*:*:*:*",
"matchCriteriaId": "65ABAD66-13A3-495C-920E-5E39D1EBDB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "B469D7A8-9CF5-4AF7-802F-E43752AF18F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F8891F-7FE9-44F3-95A5-282E8B3BB05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F146421-8772-4B2C-B202-097BE15F8472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AF6387-6E37-4310-8893-7228DC01607E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*",
"matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3AA3FD-BB0E-4164-85EB-30613900C4AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc6a:*:*:*:*:*:*:*",
"matchCriteriaId": "44D12F07-097C-4F21-9D97-AF3ABAA1C089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc7:*:*:*:*:*:*:*",
"matchCriteriaId": "74D09DD6-7878-4136-AE31-A45CF9234061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
"matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "9E661D58-18DF-4CCF-9892-F873618F4535",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187."
}
],
"id": "CVE-2004-1188",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=177\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"source": "cve@mitre.org",
"url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=177\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18638"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine | 0.9.8 | |
| xine | xine | 0.9.13 | |
| xine | xine | 1_beta1 | |
| xine | xine | 1_beta2 | |
| xine | xine | 1_beta3 | |
| xine | xine | 1_beta4 | |
| xine | xine | 1_beta5 | |
| xine | xine | 1_beta6 | |
| xine | xine | 1_beta7 | |
| xine | xine | 1_beta8 | |
| xine | xine | 1_beta9 | |
| xine | xine | 1_beta10 | |
| xine | xine | 1_beta11 | |
| xine | xine | 1_beta12 | |
| xine | xine | 1_rc0a | |
| xine | xine | 1_rc1 | |
| xine | xine | 1_rc2 | |
| xine | xine | 1_rc3 | |
| xine | xine | 1_rc3a | |
| xine | xine | 1_rc3b | |
| xine | xine-lib | 1_rc2 | |
| xine | xine-lib | 1_rc3a | |
| xine | xine-lib | 1_rc3b | |
| xine | xine-lib | 1_rc3c | |
| xine | xine-ui | 0.9.21 | |
| xine | xine-ui | 0.9.22 | |
| xine | xine-ui | 0.9.23 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BC5DCF4D-41B4-45D3-8F7C-6985A8B15888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC260B04-C616-4A6A-9773-D535EA8A45AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "72DEB448-0F57-40FD-889E-6C8AC6920C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE750368-54FD-4CCD-AFF7-B26B3A4BA539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "58476B06-9E48-4649-8761-B32FE01BA7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "76CE8EF1-0578-4E12-A87D-832978ED484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DF434D-3BE2-4BCF-A6FC-397475830FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA95FC2-2082-4367-AD3D-0F876972E5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "005EA1B5-7717-4CBD-9D21-249A5A497D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "19A33FCB-47FE-4F2E-9043-1F13805F0F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1A9A53-860B-41CF-8BFD-4792775765E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "5246E535-1B8F-4BC1-AD1D-9BFA7BF28D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "C247EF56-6E67-41DA-8C49-C9310C42B8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E5CCDF-3472-4994-A47A-5A94D10F1C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAFC4559-D7E3-4C75-8B79-85A79067E261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "99D8D224-15C4-4D15-9A04-4A1F3E1F63B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "F469DA5D-6020-4490-B671-2CEFB151C736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*",
"matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-ui:0.9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "61A8FD65-6A0E-4D76-BE81-002B9F3230E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-ui:0.9.22:*:*:*:*:*:*:*",
"matchCriteriaId": "807BDB2A-2895-448D-B28D-D09AE58EA24C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-ui:0.9.23:*:*:*:*:*:*:*",
"matchCriteriaId": "590D055B-1608-411A-AA04-4F0F43496BA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link."
}
],
"id": "CVE-2004-1951",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11433"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5594"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5739"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/10193"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/10193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mplayer | mplayer | * | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_rc2 | |
| xine | xine-lib | 1_rc3a | |
| xine | xine-lib | 1_rc3b | |
| xine | xine-lib | 1_rc3c |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EEE614-9EB1-4217-B962-AD3EECD7C689",
"versionEndIncluding": "1.0_pre6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*",
"matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code."
}
],
"id": "CVE-2005-1195",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18\u0026r2=1.19\u0026diff_format=u"
},
{
"source": "cve@mitre.org",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55\u0026r2=1.56\u0026diff_format=u"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/lists/bugtraq/2005/Apr/0337.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15014"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013771"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln10"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln11"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/15711"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/15712"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/396703"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13271"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20171"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18\u0026r2=1.19\u0026diff_format=u"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55\u0026r2=1.56\u0026diff_format=u"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/lists/bugtraq/2005/Apr/0337.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.mplayerhq.hu/homepage/design7/news.html#vuln11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/15711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/15712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/396703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20175"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-18 16:41
Modified
2025-04-09 00:30
Severity ?
Summary
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.8 | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 0.99 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA01448-09E3-4DA9-A817-BFD7A4460F66",
"versionEndIncluding": "1.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine."
},
{
"lang": "es",
"value": "xine-lib en versiones anteriores a 1.1.15, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de un archivo OGG dise\u00f1ado, como es demostrado al reproducir lol-ffplay.ogg con xine."
}
],
"id": "CVE-2008-3231",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-18T16:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31827"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/30699"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020703"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44040"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/30699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD73BA0-D315-4ADA-A942-8DCC2A920B28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*",
"matchCriteriaId": "710ACCE6-B3E3-474A-B78B-5A123EC24DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*",
"matchCriteriaId": "55D3C3E6-862E-470E-8CEA-4B333B906172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "30D6A539-5523-4E52-854A-82CDCDBDFC45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "CA841B0B-8FA9-45F9-9B60-7C9BD1A92E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "91907AEA-D84F-4DD9-AD22-41E563182FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D200DE0F-D8BB-460D-928E-E59473F84B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*",
"matchCriteriaId": "5103A1E1-670A-4527-9FB8-9D8B0DA506D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "500E5BD7-3F17-455F-8463-50B145128873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE4C532-1756-4B2E-94EE-8F8253281F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6875BE-67F1-4E0E-A610-7B6EDBAB6431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E74EBC5-296E-4B20-8BCB-F104D06595AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "29A09BDA-DA05-4512-9E39-14819C410CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5650520-0CCA-47C1-A7B8-8A6129BE6B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1FAB76-B1DB-400E-9224-09E82D9A8847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D18950-F883-47D1-B95B-6F46F2F6F701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:head_cvs:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5D1CF3-66DF-4000-BEC7-760367856891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BC5DCF4D-41B4-45D3-8F7C-6985A8B15888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "61348912-55CB-4789-A1ED-9CA7BF77ACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "367A04A4-10DE-4CDA-BF81-349C65213169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC260B04-C616-4A6A-9773-D535EA8A45AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "72DEB448-0F57-40FD-889E-6C8AC6920C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE750368-54FD-4CCD-AFF7-B26B3A4BA539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "58476B06-9E48-4649-8761-B32FE01BA7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "76CE8EF1-0578-4E12-A87D-832978ED484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DF434D-3BE2-4BCF-A6FC-397475830FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA95FC2-2082-4367-AD3D-0F876972E5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "005EA1B5-7717-4CBD-9D21-249A5A497D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "19A33FCB-47FE-4F2E-9043-1F13805F0F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1A9A53-860B-41CF-8BFD-4792775765E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "5246E535-1B8F-4BC1-AD1D-9BFA7BF28D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "C247EF56-6E67-41DA-8C49-C9310C42B8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc0:*:*:*:*:*:*:*",
"matchCriteriaId": "9790E7B0-E2D3-4DA5-915A-D236446E1B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E5CCDF-3472-4994-A47A-5A94D10F1C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAFC4559-D7E3-4C75-8B79-85A79067E261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "99D8D224-15C4-4D15-9A04-4A1F3E1F63B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "F469DA5D-6020-4490-B671-2CEFB151C736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "283D1C9D-00E5-456E-8E82-52963B9A07F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "56D5CAA8-B9CF-4036-9BB1-B6096A0B7A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65FB6DA-EDA1-4727-9896-6A27FAB555BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc6a:*:*:*:*:*:*:*",
"matchCriteriaId": "45DC5988-4C25-49CA-BB7C-5933EDD8F460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7B24F7-BDE5-4EE7-8141-70777B7BAFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc8:*:*:*:*:*:*:*",
"matchCriteriaId": "65ABAD66-13A3-495C-920E-5E39D1EBDB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "B469D7A8-9CF5-4AF7-802F-E43752AF18F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F8891F-7FE9-44F3-95A5-282E8B3BB05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F146421-8772-4B2C-B202-097BE15F8472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AF6387-6E37-4310-8893-7228DC01607E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*",
"matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3AA3FD-BB0E-4164-85EB-30613900C4AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc6a:*:*:*:*:*:*:*",
"matchCriteriaId": "44D12F07-097C-4F21-9D97-AF3ABAA1C089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc7:*:*:*:*:*:*:*",
"matchCriteriaId": "74D09DD6-7878-4136-AE31-A45CF9234061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
"matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "9E661D58-18DF-4CCF-9892-F873618F4535",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188."
}
],
"id": "CVE-2004-1187",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=176\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"source": "cve@mitre.org",
"url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=176\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18640"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_beta12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA01448-09E3-4DA9-A817-BFD7A4460F66",
"versionEndIncluding": "1.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file."
},
{
"lang": "es",
"value": "xine-lib v1.1.12 y versiones anteriores a v1.1.15, no comprueba que pueda fallar malloc en circunstancias que incluyen (1) la funci\u00f3n mymng_process_header en demux_mng.c, (2) la funci\u00f3n open_mod_file en demux_mod.c y (3) frame_buffer allocation en la funci\u00f3n real_parse_audio_specific_data en demux_real.c; esto permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o puede que ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero multimedia manipulado."
}
],
"id": "CVE-2008-5233",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.467",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/47747"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44639"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44648"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44649"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/47747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_beta12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA01448-09E3-4DA9-A817-BFD7A4460F66",
"versionEndIncluding": "1.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c."
},
{
"lang": "es",
"value": "xine-lib anterior a 1.1.15 realiza marcos de video V4L preasignados antes del establecimiento de la longitud requerida, la cu\u00e1l tiene un impacto y vectores de ataque desconocidos, posiblemente relacionado con un desbordamiento de b\u00fafer en la funci\u00f3n open_video_capture_device en src/input/input_v4l.c."
}
],
"id": "CVE-2008-5245",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.687",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31502"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30698"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44470"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-28 01:45
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mimms:mimms:0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8336443A-DE31-4DD7-AA6A-82D7B33332A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en libmms, utilizado por (a) MiMMs v0.0.9 y (b) xine-lib v1.1.0 y versiones anteriores, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) send_command, (2) string_utf16, (3) get_data, y (4) funciones get_media_packet ,y posiblemente otras funciones.\r\n\r\n"
}
],
"id": "CVE-2006-2200",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-06-28T01:45:00.000",
"references": [
{
"source": "security@debian.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20749"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20948"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20964"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21023"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21036"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21139"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23218"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23512"
},
{
"source": "security@debian.org",
"url": "http://security.gentoo.org/glsa/glsa-200607-07.xml"
},
{
"source": "security@debian.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.433842"
},
{
"source": "security@debian.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=468432"
},
{
"source": "security@debian.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:117"
},
{
"source": "security@debian.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:121"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/18608"
},
{
"source": "security@debian.org",
"url": "http://www.ubuntu.com/usn/usn-309-1"
},
{
"source": "security@debian.org",
"url": "http://www.ubuntu.com/usn/usn-315-1"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200607-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.433842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=468432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-309-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-315-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2487"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_rc2 | |
| xine | xine-lib | 1_rc3a | |
| xine | xine-lib | 1_rc3b | |
| xine | xine-lib | 1_rc3c | |
| xine | xine-lib | 1_rc4 | |
| xine | xine-lib | 1_rc5 | |
| xine | xine-lib | 1_rc5_r2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*",
"matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc5_r2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CE4165-ED54-4AFC-A584-C145A96819D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL."
}
],
"id": "CVE-2004-1455",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109284737628045\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://open-security.org/advisories/6"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12194/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-18.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/10890"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109284737628045\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://open-security.org/advisories/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12194/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/10890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16930"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc7:*:*:*:*:*:*:*",
"matchCriteriaId": "74D09DD6-7878-4136-AE31-A45CF9234061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file."
}
],
"id": "CVE-2004-1300",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18611"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-07 10:04
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream."
}
],
"id": "CVE-2006-1664",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-07T10:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19853"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19856"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28666"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015868"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17370"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/1641"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/1641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-09-14 21:07
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61A8D011-D000-4E99-B4F9-3C7EDCDF3166",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and \"bad indexes\", a different vulnerability than CVE-2005-4048 and CVE-2006-2802."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en ffmpeg para xine-lib anterior a 1.1.2 podr\u00eda permitir a atacantes (locales o remotos dependiendo del contexto) ejecutar c\u00f3digo de su elecci\u00f3n mediante \"\u00edndices err\u00f3neos\" en un archivo AVI especialmente construido. Es una vulnerabilidad diferente a CVE-2005-4048 y CVE-2006-2802."
}
],
"id": "CVE-2006-4799",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-14T21:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22230"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23010"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23213"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-358-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.us.debian.org/security/2006/dsa-1215"
},
{
"source": "cve@mitre.org",
"url": "http://xinehq.de/index.php/news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-358-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us.debian.org/security/2006/dsa-1215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://xinehq.de/index.php/news"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 | |
| xine | xine-lib | 1.1.14 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_beta12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED",
"versionEndIncluding": "1.1.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file."
},
{
"lang": "es",
"value": "demux_qt.c de xine-lib v1.1.12, y otra v1.1.15 y versiones anteriores, no valida el campo contador antes de hacer una llamada calloc para una asignaci\u00f3n atom de STSD_ATOM. Esto permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o puede que ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero multimedia manipulado."
}
],
"id": "CVE-2008-5242",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.640",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44657"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "61348912-55CB-4789-A1ED-9CA7BF77ACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "283D1C9D-00E5-456E-8E82-52963B9A07F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "56D5CAA8-B9CF-4036-9BB1-B6096A0B7A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AF6387-6E37-4310-8893-7228DC01607E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines."
}
],
"id": "CVE-2004-1475",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://security.gentoo.org/glsa/glsa-200408-18.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"source": "cve@mitre.org",
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://security.gentoo.org/glsa/glsa-200408-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 | |
| xine | xine-lib | 1.1.14 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_beta12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED",
"versionEndIncluding": "1.1.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via \"MP3 files with metadata consisting only of separators.\""
},
{
"lang": "es",
"value": "xine-lib anterior a 1.1.15 permite a atacantes remotos causar una denegaci\u00f3n de servicio(ca\u00edda)a trav\u00e9s de \"archivos MP3 con metadatos que consisten \u00fanicamente de separadores.\""
}
],
"id": "CVE-2008-5248",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.750",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32505"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-10 23:46
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3884A0-FDCE-4AB1-993E-835BD5897A61",
"versionEndIncluding": "1.1.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n rmff_dump_cont en la biblioteca input/libreal/rmff.c en xine-lib versi\u00f3n 1.1.9 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del atributo SDP Abstract en una sesi\u00f3n RTSP, relacionada a la funci\u00f3n rmff_dump_header y relacionada con la omisi\u00f3n del campo max. NOTA: algunos de estos detalles son obtenidos de informaci\u00f3n de terceros."
}
],
"id": "CVE-2008-0225",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-01-10T23:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/xinermffhof-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=205197"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28384"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28489"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28507"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28636"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28674"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28955"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31393"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-12.xml"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=567872"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1472"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27198"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0163"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428620"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/xinermffhof-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=205197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=567872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 | |
| xine | xine-lib | 1.1.14 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_beta12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED",
"versionEndIncluding": "1.1.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value."
},
{
"lang": "es",
"value": "xine-lib 1.1.12, y otras versiones anteriores a 1.1.15, se basa en un valor de entrada no confiable para determinar la localizaci\u00f3n de memoria y no comprobar el resultado para (1) el elemento pista de entrada MATROSKA_ID_TR_CODECPRIVATE procesado por demux_matroska.c; y (2) PROP_TAG, (3) MDPR_TAG, y (4) CONT_TAG trozos procesados por la funci\u00f3n real_parse_headers en demux_real.c; el cual permite a los atacantes remotos causar una denegaci\u00f3n de servicios (putero nulo no referenciado y ca\u00edda) o posiblemente ejecuta c\u00f3digo arbitrario a trav\u00e9s de un valor manipulado."
}
],
"id": "CVE-2008-5240",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.610",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33544"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/47742"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44653"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/47742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_beta12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows."
},
{
"lang": "es",
"value": "xine-lib v1.1.12 y otra v1.1.15 y versiones anteriores; no maneja adecuadamente los valores (a) negative y (b) zero durante las llamadas no especificadas a la funci\u00f3n read en file.c, input_net.c, input_smb.c e input_http.c. Esto permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o puede que ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores como (1) un fichero o (2) una respuesta HTTP, esto provoca consecuencias como lecturas fuera de rango y desbordamientos de b\u00fafer basados en pila."
}
],
"id": "CVE-2008-5239",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.577",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33544"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44651"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_beta12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA01448-09E3-4DA9-A817-BFD7A4460F66",
"versionEndIncluding": "1.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en xine-lib 1.1.12, y otras versiones anteriores a 1.1.15, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con (1) un metadato manipulado de tama\u00f1o at\u00f3mico procesado por la funci\u00f3n parse_moov_atom en demux_qt.c y (2) un marco leyendo en la funci\u00f3n id3v23_interp_frame en id3.c. NOTA: a fecha de 22-11-2008, es posible que el vector 1 no se haya fijado en 1.1.15.\r\n\r\n\r\n"
}
],
"evaluatorComment": "http://secunia.com/advisories/31502\r\n\r\n1) Multiple integer overflows exist within the processing of ID3 tags in src/demuxers/id3.c. These can be exploited to cause heap-based buffer overflows via overly large ID3 frame header size fields.\r\n\r\n2) Multiple boundary errors exist within the \"demux_real_send_chunk()\" function in src/demuxers/demux_real.c. These can potentially be exploited to cause heap-based buffer overflows via specially crafted Real Media files.\r\n\r\n3) A boundary error exists within the \"open_video_capture_device()\" function in src/input/input_v4l.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted V4L stream.\r\n\r\n4) A boundary error exists within the \"parse_moov_atom()\" function in src/demuxers/demux_qt.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted Quicktime file.\r\n\r\nSuccessful exploitation of the vulnerabilities may allow execution of arbitrary code.\r\n\r\nThe vulnerabilities are reported in versions prior to 1.1.15.",
"evaluatorSolution": "http://secunia.com/advisories/31502\r\n\r\nSolution:\r\nUpdate to version 1.1.15, which fixes vulnerabilities #1-#3. (as noted above).",
"id": "CVE-2008-5234",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31502"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33544"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44633"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44647"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-26 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine-lib | * | |
| xine | xine-lib | 0.9.13 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1 | |
| xine | xine-lib | 1.0 | |
| xine | xine-lib | 1.0.1 | |
| xine | xine-lib | 1.0.2 | |
| xine | xine-lib | 1.0.3a | |
| xine | xine-lib | 1.1.0 | |
| xine | xine-lib | 1.1.1 | |
| xine | xine-lib | 1.1.2 | |
| xine | xine-lib | 1.1.3 | |
| xine | xine-lib | 1.1.4 | |
| xine | xine-lib | 1.1.5 | |
| xine | xine-lib | 1.1.6 | |
| xine | xine-lib | 1.1.7 | |
| xine | xine-lib | 1.1.8 | |
| xine | xine-lib | 1.1.9 | |
| xine | xine-lib | 1.1.9.1 | |
| xine | xine-lib | 1.1.10 | |
| xine | xine-lib | 1.1.10.1 | |
| xine | xine-lib | 1.1.11 | |
| xine | xine-lib | 1.1.11.1 | |
| xine | xine-lib | 1.1.12 | |
| xine | xine-lib | 1.1.13 | |
| xine | xine-lib | 1.1.14 | |
| xine | xine-lib | 1_beta1 | |
| xine | xine-lib | 1_beta2 | |
| xine | xine-lib | 1_beta3 | |
| xine | xine-lib | 1_beta4 | |
| xine | xine-lib | 1_beta5 | |
| xine | xine-lib | 1_beta6 | |
| xine | xine-lib | 1_beta7 | |
| xine | xine-lib | 1_beta8 | |
| xine | xine-lib | 1_beta9 | |
| xine | xine-lib | 1_beta10 | |
| xine | xine-lib | 1_beta11 | |
| xine | xine-lib | 1_beta12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69EF5A16-DDEC-4B06-8A6E-E02594FC6FED",
"versionEndIncluding": "1.1.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "BC32E976-3FB3-44DE-89EE-FF0E89D97090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "336D216E-5C30-4328-A422-DE134CABA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "39B6FDDB-139E-4CAC-A1C9-69E4AB542357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "CCC58298-4DD7-47C4-BFA7-04596B21D646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "EB72C6CE-4D90-42FD-BFAF-AB31EBC34BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "3AA7BF0D-063D-4FD4-9AF2-69A0DF31579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "5BEFC0C7-1D8D-421B-B193-8A574AC8C712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42736C09-AF59-45F7-A324-2A725F8C0AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "30F3E90C-01A5-4085-8BA4-B5FA05BEA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "91ACDCA2-F0CD-4133-85A1-FC95E703CB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "58B3AEE5-1A56-464E-9EB2-F06E25FA5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "EEB5AC92-03F5-44F2-89CC-B6E8BA69C55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "5AC68CC2-969C-4596-AA38-AE10BFE1D5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877230F8-6040-4CE3-A882-1290D19D27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401AE3C4-3829-487D-B66E-F71705BDD3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46BF90AB-3B32-4899-8179-BDB9EB449760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE0C90-2DD1-49D2-AE4C-1D21B81EF812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2AF7B5-09C3-4E32-B981-E0D9F88E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CF963-7DA9-455C-BB7E-2EE9AACD6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E515D538-80FA-4069-B466-1EC4F84EE5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "64546B22-3230-413A-BE51-E51F54B4A39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "686115E3-6BC0-4E9E-A0A7-9896F639FDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34F27CC-0D88-42C0-93B4-87C1A4FA3DE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B75F992-1E85-491D-99FF-2ABE4228B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFE3B5A-2AF7-4F0B-9364-A06DD19F4BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C68EFD39-5F34-41DD-9897-A28A6BD190A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to \"reindex into an allocated buffer,\" which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error."
},
{
"lang": "es",
"value": "La funci\u00f3n real_parse_headers en demux_real.c en xine-lib 1.1.12, y otras v1.1.15 y versiones anteriores, conf\u00eda en un valor de longitud de entrada no confiable a \"reindexar en un b\u00fafer asignado\", lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un valor manipulado, probablemente un error de \u00edndice de array."
}
],
"id": "CVE-2008-5243",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.657",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33544"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44658"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-24 22:44
Modified
2025-04-09 00:30
Severity ?
Summary
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter."
},
{
"lang": "es",
"value": "Error de \u00edndice de array en la funci\u00f3n sdpplin_parse de input/libreal/sdpplin.c en xine-lib 1.1.10.1 permite a servidores RTSP remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro streamid SDP grande."
}
],
"id": "CVE-2008-0073",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-03-24T22:44:00.000",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28694"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/29392"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/29472"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/29503"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/29578"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/29601"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/29740"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/29766"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/29800"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/30581"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/31372"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/31393"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-10/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.debian.org/security/2008/dsa-1536"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/28312"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1019682"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2008/0923"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2008/0985"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://xinehq.de/index.php/news"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=585488\u0026group_id=9655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.392408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://xinehq.de/index.php/news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}