EUVD-2007-0257

Malware in sbrugna...

USN-433-1: Xine vulnerability

Moritz Jodeit discovered that the DMO loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges...

CVE-2007-0255

XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a certain M3U file that contains a long EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017...

CVE-2004-1187

Heap-based buffer overflow in the pnmgetchunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNATAG values, a different vulnerability than CVE-2004-1188...

CVE-2004-1951

xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the 1 audio.sunaudiodevice or 2 dxr3.devicename options in an MRL link...

CVE-2004-1188

The pnmgetchunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLESIZE, which causes a read operation with a negative length that leads to a buffer overflow via 1 RMFTAG, 2 DATATAG,...

CVE-2004-1187

Heap-based buffer overflow in the pnmgetchunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNATAG values, a different vulnerability than CVE-2004-1188...

CVE-2004-1187

Heap-based buffer overflow in the pnmgetchunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNATAG values, a different vulnerability than CVE-2004-1188...

CVE-2004-1188

The pnmgetchunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLESIZE, which causes a read operation with a negative length that leads to a buffer overflow via 1 RMFTAG, 2 DATATAG,...

xine 0.99.2 Remote Stack Overflow Exploit

Exploit for linux platform in category remote exploits ========================================= xine 0.99.2 Remote Stack Overflow Exploit ========================================= / $ An open security advisory 6 - Xine vcd MRL input identifier management overflow 1: Bug Researcher:...

MPlayer/xine buffer overflow

Buffer overflow on parsing RTSP protocol...

CVE-2004-0372

xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the 1 xine-bugreport or 2 xine-check scripts...

CVE-2004-0372

xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the 1 xine-bugreport or 2 xine-check scripts...