Xine-lib Security Vulnerabilities and Issues — Xine-lib CVE List

Lucene search

XineXine-lib

9 matches found

CVE•added 2006/04/07 10:4 a.m.•84 views

CVE-2006-1664

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

7.5CVSS7.5AI score0.07142EPSS

CVE•added 2005/05/02 4:0 a.m.•67 views

CVE-2005-1195

Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.

7.5CVSS7.3AI score0.01744EPSS

CVE•added 2005/01/19 5:0 a.m.•58 views

CVE-2004-1379

Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.

7.5CVSS7.7AI score0.0354EPSS

CVE•added 2008/02/05 12:0 p.m.•55 views

CVE-2008-0486

Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.

7.5CVSS7.3AI score0.0457EPSS

CVE•added 2006/09/14 9:7 p.m.•53 views

CVE-2006-4799

Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.

7.5CVSS7.4AI score0.08957EPSS

CVE•added 2008/04/17 10:5 p.m.•51 views

CVE-2008-1878

Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.

7.5CVSS7.7AI score0.06108EPSS

CVE•added 2005/10/14 10:2 a.m.•49 views

CVE-2005-2967

Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.

7.5CVSS7.2AI score0.11331EPSS

CVE•added 2009/02/23 3:30 p.m.•49 views

CVE-2009-0698

Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.

7.5CVSS7.1AI score0.11552EPSS

CVE•added 2008/01/11 9:46 p.m.•45 views

CVE-2008-0238

Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-022...

7.5CVSS7.2AI score0.06729EPSS