Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1536-1
HistoryMar 31, 2008 - 12:00 a.m.

xine-lib - several vulnerabilities

2008-03-3100:00:00
Google
osv.dev
8

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Several local vulnerabilities have been discovered in Xine, a
media player library, allowed for a denial of service or arbitrary code
execution, which could be exploited through viewing malicious content.
The Common Vulnerabilities and Exposures project identifies the following
problems:

  • CVE-2007-1246 / CVE-2007-1387
    The DMO_VideoDecoder_Open function does not set the biSize before use in a
    memcpy, which allows user-assisted remote attackers to cause a buffer overflow
    and possibly execute arbitrary code (applies to sarge only).
  • CVE-2008-0073
    Array index error in the sdpplin_parse function allows remote RTSP servers
    to execute arbitrary code via a large streamid SDP parameter.
  • CVE-2008-0486
    Array index vulnerability in libmpdemux/demux_audio.c might allow remote
    attackers to execute arbitrary code via a crafted FLAC tag, which triggers
    a buffer overflow (applies to etch only).
  • CVE-2008-1161
    Buffer overflow in the Matroska demuxer allows remote attackers to cause a
    denial of service (crash) and possibly execute arbitrary code via a Matroska
    file with invalid frame sizes.

For the old stable distribution (sarge), these problems have been fixed in
version 1.0.1-1sarge7.

For the stable distribution (etch), these problems have been fixed in version
1.1.2+dfsg-6.

For the unstable distribution (sid), these problems have been fixed in
version 1.1.11-1.

We recommend that you upgrade your xine-lib package.

Related

openvas 62
nessus 37
debian 3
ubuntucve 6
debiancve 5
cve 6
prion 6
gentoo 6
securityvulns 7
ubuntu 3
seebug 3
coresecurity 1
fedora 5
freebsd 3
exploitpack 1
redhatcve 1
slackware 2
packetstorm 1
exploitdb 1
osv 2
openvas
openvas
Debian Security Advisory DSA 1536-1 (xine-lib)
2008-04-07 00:00:00
Debian: Security Advisory (DSA-1536-1)
2008-04-07 00:00:00
Gentoo Security Advisory GLSA 200705-21 (mplayer)
2008-09-24 00:00:00
nessus
nessus
Debian DSA-1536-1 : libxine - several vulnerabilities
2008-04-01 00:00:00
GLSA-200705-21 : MPlayer: Two buffer overflows
2007-06-01 00:00:00
Mandrake Linux Security Advisory : mplayer (MDKSA-2007:055)
2007-03-12 00:00:00
debian
debian
[SECURITY] [DSA 1536-1] New libxine packages fix several vulnerabilities
2008-03-31 20:52:02
[SECURITY] [DSA 1496-1] New mplayer packages fix arbitrary code execution
2008-02-12 23:00:25
[SECURITY] [DSA 1543-1] New vlc packages fix several vulnerabilities
2008-04-09 19:26:39
ubuntucve
ubuntucve
CVE-2007-1387
2007-03-13 00:00:00
CVE-2007-1246
2007-03-03 00:00:00
CVE-2008-1161
2008-03-10 00:00:00
debiancve
debiancve
CVE-2007-1387
2007-03-13 19:19:00
CVE-2007-1246
2007-03-03 19:19:00
CVE-2008-0486
2008-02-05 12:00:00
cve
cve
CVE-2007-1387
2007-03-13 19:19:00
CVE-2007-1246
2007-03-03 19:19:00
CVE-2008-1161
2008-03-10 22:44:00
prion
prion
Buffer overflow
2007-03-13 19:19:00
Buffer overflow
2007-03-03 19:19:00
Buffer overflow
2008-03-10 22:44:00
gentoo
gentoo
MPlayer: Two buffer overflows
2007-05-30 00:00:00
xine-lib: Heap-based buffer overflow
2007-04-14 00:00:00
xine-lib: User-assisted execution of arbitrary code
2008-02-26 00:00:00
securityvulns
securityvulns
MPlayer DMO player buffer overflow
2007-03-01 00:00:00
[ MDVSA-2008:046 ] - Updated xine-lib package fixes arbitrary code execution vulnerability
2008-02-16 00:00:00
CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability
2008-02-05 00:00:00
ubuntu
ubuntu
xine-lib vulnerabilities
2008-08-06 00:00:00
Xine vulnerability
2007-03-12 00:00:00
Xine vulnerability
2007-03-09 00:00:00
seebug
seebug
MPlayer demux_audio.cθΏœη¨‹ζ ˆζΊ’ε‡ΊζΌζ΄ž
2008-02-14 00:00:00
MPlayer sdpplin_parse() Array Indexing Buffer Overflow Exploit PoC
2008-03-26 00:00:00
xine-lib sdpplin_parse()ε‡½ζ•°θΏœη¨‹ζΊ’ε‡ΊζΌζ΄ž
2008-03-21 00:00:00
coresecurity
coresecurity
MPlayer 1.0rc2 Buffer Overflow Vulnerability
2008-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: xine-lib-1.1.10.1-1.fc7
2008-02-13 05:12:05
[SECURITY] Fedora 8 Update: xine-lib-1.1.10.1-1.fc8
2008-02-13 05:06:27
[SECURITY] Fedora 8 Update: xine-lib-1.1.11-1.fc8
2008-03-21 22:06:16
freebsd
freebsd
libxine -- buffer overflow vulnerability
2007-02-08 00:00:00
mplayer -- DMO File Parsing Buffer Overflow Vulnerability
2007-02-11 00:00:00
mplayer -- multiple vulnerabilities
2008-02-05 00:00:00
exploitpack
exploitpack
MPlayer 1.0 rc2 - sdpplin_parse() Array Indexing Buffer Overflow (PoC)
2008-03-25 00:00:00
redhatcve
redhatcve
CVE-2008-0073
2019-10-04 21:36:03
slackware
slackware
[slackware-security] xine-lib
2008-03-30 00:05:12
[slackware-security] xine-lib
2007-04-20 02:55:26
packetstorm
packetstorm
mplayer-overflowpoc.txt
2008-03-26 00:00:00
exploitdb
exploitdb
MPlayer 1.0 rc2 - 'sdpplin_parse()' Array Indexing Buffer Overflow (PoC)
2008-03-25 00:00:00
osv
osv
mplayer - arbitrary code execution
2008-02-12 00:00:00
vlc - several vulnerabilities
2008-04-09 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON
Related for OSV:DSA-1536-1
openvas62nessus37debian3ubuntucve6debiancve5cve6prion6gentoo6securityvulns7ubuntu3seebug3coresecurity1fedora5freebsd3exploitpack1redhatcve1slackware2packetstorm1exploitdb1osv2