Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2009/11/16 12:0 a.m.35 views

Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:299)

Vulnerabilities have been discovered and corrected in xine-lib : - Integer overflow in the qterror parsetrakatom function in demuxers/demuxqt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom,...

9.3CVSS6.8AI score0.06664EPSS
Exploits2References2
CVE
CVE
added 2009/04/08 6:0 p.m.62 views

CVE-2009-1274

CVE-2009-1274 : xine-lib = 1.1.16.3, or apply vendor-provided patches/workarounds. In practice, affected products rely on updates such as Gentoo’s recommendation: emerge --sync && emerge --oneshot --verbose

5CVSS7.8AI score0.05059EPSS
Exploits1References17Affected Software1
seebug.org
seebug.org
added 2009/04/08 12:0 a.m.22 views

xine-lib STTS QuickTime原子整数溢出漏洞

BUGTRAQ ID: 34384 xine是一款免费的媒体播放器,支持多种格式。 Xine-lib在解析Quicktime电影文件的畸形STTS原子时存在整数溢出漏洞,本地或远程攻击者可以利用这个漏洞以使用xine库应用程序的权限执行任意代码。以下是/src/demuxers/demuxqt.c中的有漏洞代码段: ... 840 static qterror parsetrakatom qttrak trak, 841 unsigned char trakatom ... 1535 else if currentatom == STTSATOM 1536 1537 / there...

6.9AI score
Exploits0
NVD
NVD
added 2008/11/26 1:30 a.m.17 views

CVE-2008-5242

demuxqt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSDATOM atom allocation, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted media file...

6.8CVSS7.7AI score0.03138EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2008/11/26 1:30 a.m.21 views

CVE-2008-5237

Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via 1 crafted width and height values that are not validated by the mymngprocessheader function in demuxmng.c before u...

10CVSS6.2AI score0.0555EPSS
Exploits0References4
Prion
Prion
added 2008/11/26 1:30 a.m.18 views

Integer overflow

Integer underflow in demuxqt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service crash via a crafted media file that results in a small value of moovatomsize in a compressed MOV aka CMOVATOM...

4.3CVSS6.4AI score0.01798EPSS
Exploits0References10Affected Software1
UbuntuCve
UbuntuCve
added 2008/11/26 1:30 a.m.26 views

CVE-2008-5241

Integer underflow in demuxqt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service crash via a crafted media file that results in a small value of moovatomsize in a compressed MOV aka CMOVATOM...

4.3CVSS5.9AI score0.01798EPSS
Exploits0References4
Prion
Prion
added 2008/11/26 1:30 a.m.23 views

Heap overflow

Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to 1 a crafted metadata atom size processed by the parsemoovatom function in demuxqt.c and 2 frame reading in the id3v23interpframe...

9.3CVSS7.6AI score0.05748EPSS
Exploits0References17Affected Software1
Cvelist
Cvelist
added 2008/11/26 1:0 a.m.24 views

CVE-2008-5242

demuxqt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSDATOM atom allocation, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted media file...

7.9AI score0.03138EPSS
Exploits0References9
Cvelist
Cvelist
added 2008/11/26 1:0 a.m.35 views

CVE-2008-5234

Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to 1 a crafted metadata atom size processed by the parsemoovatom function in demuxqt.c and 2 frame reading in the id3v23interpframe...

7.7AI score0.05748EPSS
Exploits0References17
Cvelist
Cvelist
added 2008/11/26 1:0 a.m.25 views

CVE-2008-5241

Integer underflow in demuxqt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service crash via a crafted media file that results in a small value of moovatomsize in a compressed MOV aka CMOVATOM...

7.1AI score0.01798EPSS
Exploits0References10
CVE
CVE
added 2008/11/26 1:0 a.m.59 views

CVE-2008-5242

The CVE-2008-5242 issue affects xine-lib up to 1.1.12/1.1.15, where demux_qt.c does not validate the count before calloc for STSD_ATOM, allowing a crafted media file to cause a denial of service and possibly execute arbitrary code. Publicly documented impacts include remote code execution in the ...

6.8CVSS7.9AI score0.03138EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2008/11/26 1:0 a.m.70 views

CVE-2008-5241

CVE-2008-5241: Integer underflow in xine-lib's demux_qt.c affects 1.1.12 and earlier 1.1.15 (and older); a crafted QuickTime/MOV file with a small moov_atom_size can crash the player (remote DoS). Remediation per Gentoo GLSA-201006-04 is to upgrade xine-lib to a fixed version (>= 1.1.16.3). Ot...

4.3CVSS7.1AI score0.01798EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder