Lucene search
K

7 matches found

NVD
NVD
added 2008/11/26 1:30 a.m.17 views

CVE-2008-5247

The realparseaudiospecificdata function in demuxreal.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height aka codecdatalength value as a divisor, which allow remote attackers to cause a denial of service divide-by-zero error and crash via a zero value...

4.3CVSS6.4AI score0.01511EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2008/11/26 1:30 a.m.11 views

CVE-2008-5238

Integer overflow in the realparsemdpr function in demuxreal.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted streamnamesize field...

7.1CVSS6.2AI score0.03646EPSS
Exploits0References3
NVD
NVD
added 2008/11/26 1:30 a.m.14 views

CVE-2008-5238

Integer overflow in the realparsemdpr function in demuxreal.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted streamnamesize field...

7.1CVSS7.9AI score0.03646EPSS
Exploits0References11
Prion
Prion
added 2008/11/26 1:30 a.m.23 views

Heap overflow

Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to 1 a crafted metadata atom size processed by the parsemoovatom function in demuxqt.c and 2 frame reading in the id3v23interpframe...

9.3CVSS7.6AI score0.05748EPSS
Exploits0References17Affected Software1
Cvelist
Cvelist
added 2008/11/26 1:0 a.m.29 views

CVE-2008-5247

The realparseaudiospecificdata function in demuxreal.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height aka codecdatalength value as a divisor, which allow remote attackers to cause a denial of service divide-by-zero error and crash via a zero value...

7.2AI score0.01511EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2008/11/25 12:0 a.m.23 views

CVE-2008-5242

demuxqt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSDATOM atom allocation, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted media file...

6.8CVSS6.2AI score0.03138EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2008/04/17 12:0 a.m.22 views

xinelib-overflow.txt

xine-lib title = strdup&header0x0E; demuxnsfsendchunk: 122: char title100; 162: sprintftitle, "%s, song %d/%d", this-title, this-currentsong, this-totalsongs; - Affected applications http://xinehq.de/index.php/releases - PoC perl -e 'print "\x4E\x45\x53\x4D\x1A\x01\x01\x01\x80\x80\x18\x8A\x03\x8A...

7.4AI score
Exploits0
Rows per page
Query Builder