Lucene search
K

22 matches found

Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.40 views

Mandriva Linux Security Advisory : mplayer (MDVSA-2008:219)

A vulnerability that was discovered in xine-lib that allowed remote RTSP servers to execute arbitrary code via a large streamid SDP parameter also affects MPlayer CVE-2008-0073. Several integer overflows were discovered by Felipe Andres Manzano in MPlayer's Real video stream demuxing code. These...

9.3CVSS6.2AI score0.10852EPSS
Exploits6References3
OpenVAS
OpenVAS
added 2009/04/09 12:0 a.m.29 views

Mandriva Update for xine-lib MDVSA-2008:178 (xine-lib)

Check for the Version of xine-lib OpenVAS Vulnerability Test Mandriva Update for xine-lib MDVSA-2008:178 xine-lib Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

9.3CVSS0.4AI score0.15038EPSS
Exploits7References2
OpenVAS
OpenVAS
added 2009/02/17 12:0 a.m.22 views

Fedora Update for xine-lib FEDORA-2008-7572

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5CVSS7.7AI score0.15038EPSS
Exploits8References2
OpenVAS
OpenVAS
added 2009/02/16 12:0 a.m.20 views

Fedora Update for xine-lib FEDORA-2008-2569

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.8CVSS6.6AI score0.09171EPSS
Exploits6References2
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.33 views

Gentoo Security Advisory GLSA 200804-25 (vlc)

The remote host is missing updates announced in advisory GLSA 200804-25. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5CVSS0.7AI score0.17358EPSS
Exploits15
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.17 views

Gentoo Security Advisory GLSA 200808-01 (xine-lib)

The remote host is missing updates announced in advisory GLSA 200808-01. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.15038EPSS
Exploits7References4
OpenVAS
OpenVAS
added 2008/04/21 12:0 a.m.27 views

Debian Security Advisory DSA 1543-1 (vlc)

The remote host is missing an update to vlc announced via advisory DSA 1543-1. OpenVAS Vulnerability Test $Id: deb15431.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1543-1 vlc Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

10CVSS1.1AI score0.17358EPSS
Exploits25
Tenable Nessus
Tenable Nessus
added 2008/04/17 12:0 a.m.49 views

Debian DSA-1543-1 : vlc - several vulnerabilities

Luigi Auriemma, Alin Rad Pop, Remi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker...

10CVSS6.6AI score0.17358EPSS
Exploits25References17
Tenable Nessus
Tenable Nessus
added 2008/04/11 12:0 a.m.27 views

Fedora 7 : xine-lib-1.1.11.1-1.fc7 (2008-2945)

This updates xine-lib to 1.1.11.1, which fixes the following security vulnerabilities: CVE-2008-0073 array indexing fixed in 1.1.11, CVE-2008-1482 integer overflow fixed in 1.1.11.1. It also provides a versioned xine-lib plugin-abi so 3rd party packages installing plugins can use it instead of...

6.8CVSS5.5AI score0.09535EPSS
Exploits7References5
OpenVAS
OpenVAS
added 2008/04/07 12:0 a.m.31 views

Debian Security Advisory DSA 1536-1 (xine-lib)

The remote host is missing an update to xine-lib announced via advisory DSA 1536-1. OpenVAS Vulnerability Test $Id: deb15361.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1536-1 xine-lib Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

9.3CVSS1.8AI score0.09171EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2008/04/01 12:0 a.m.29 views

SuSE 10 Security Update : xine (ZYPP Patch Number 5116)

This update fixes a bug in the function sdpplinparse that allowed remote attackers to access process memory out-of a buffers bound. This vulnerability can be used to execute arbitrary code remotely if successfully exploited. CVE-2008-0073 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

6.8CVSS5.9AI score0.09171EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2008/04/01 12:0 a.m.42 views

Debian DSA-1536-1 : libxine - several vulnerabilities

Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems : -...

9.3CVSS6.5AI score0.09171EPSS
Exploits8References12
Debian
Debian
added 2008/03/31 8:51 p.m.32 views

[SECURITY] [DSA 1536-1] New libxine packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-1536-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 31, 2008 http://www.debian.org/security/faq -...

9.3CVSS8.4AI score0.09171EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2008/03/31 12:0 a.m.28 views

openSUSE 10 Security Update : xine-devel (xine-devel-5113)

This update fixes a bug in the function sdpplinparse that allowed remote attackers to access process memory out-of a buffers bound. This vulnerability can be used to execute arbitrary code remotely if successfully exploited. CVE-2008-0073 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

6.8CVSS5.9AI score0.09171EPSS
Exploits6References1
Slackware Linux
Slackware Linux
added 2008/03/30 12:5 a.m.39 views

[slackware-security] xine-lib

New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2008-0073 Here are the details from the Slackware...

6.8CVSS6.2AI score0.09171EPSS
Exploits6
Packet Storm
Packet Storm
added 2008/03/26 12:0 a.m.43 views

mplayer-overflowpoc.txt

!/usr/bin/perl Huston, mplayer got some vulns! : CVE-2008-0073 also apply to mplayer and vlc with some distinctions. Assuming kernel.varandomize=0 this overwrite EIP with a "stream" structure on my box. The first element of the "stream" structure is a user-supplied buffer so it is not really usef...

6.8CVSS6.3AI score0.09171EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2008/03/26 12:0 a.m.30 views

Fedora 8 : xine-lib-1.1.11-1.fc8 (2008-2569)

Wed Mar 19 2008 Ville Skytta - 1.1.11-1 - 1.1.11 security update, 438182, CVE-2008-0073. - Drop jack and wavpack build conditionals. - Specfile cleanups. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

6.8CVSS5.3AI score0.09171EPSS
Exploits6References3
securityvulns
securityvulns
added 2008/03/25 12:0 a.m.57 views

[Full-disclosure] CVE-2008-0073 - MPlayer and VLC "sdpplin_parse()" Array Indexing Vulnerability

Hello, CVE-2008-0073 apply also to MPlayer and VLC. -MPlayer-1.0-rc2, stream/realrtsp/sdpplin.c: 161: desc-streamid=atoibuf; 283: desc-streamstream-streamid=stream; - vlc-0.8.6e, modules/access/rtsp/realsdpplin.c: 141: desc-streamid=atoibuf; 257: desc-streamstream-streamid=stream; With MPlayer: e...

6.8CVSS0.9AI score0.09171EPSS
Exploits6
OSV
OSV
added 2008/03/24 10:44 p.m.13 views

CVE-2008-0073

Array index error in the sdpplinparse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter...

7.2AI score
Exploits0References34
CVE
CVE
added 2008/03/24 10:0 p.m.81 views

CVE-2008-0073

CVE-2008-0073 affects xine-lib, where an array indexing vulnerability in the SDP parser (sdpplin_parse in input/libreal/sdpplin.c) could allow a remote RTSP server to execute arbitrary code via a large SDP streamid parameter. Public advisories across distros (Ubuntu, Gentoo GLSA, Mandriva/MVL) de...

6.8CVSS7.1AI score0.09171EPSS
Exploits6References34Affected Software1
Rows per page
Query Builder