26 results (0.010 seconds)

CVSS: 10.0EPSS: 0%CPEs: 49EXPL: 0

Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad. Vulnerabilidad no especificada en xine-lib anterior a v1.1.15, tiene un impacto desconocido y vectores de ataque relacionados con libfaad. NOTA: Debido a la falta de detalles, no está claro si es una vulnerabilidad que afecta a xine-lib o a libfaad. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://securitytracker.com/id?1020703 http://sourceforge.net/project/shownotes.php?release_id=619869 •

CVSS: 4.3EPSS: 4%CPEs: 49EXPL: 0

xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value. xine-lib 1.1.12, y otras versiones anteriores a 1.1.15, se basa en un valor de entrada no confiable para determinar la localización de memoria y no comprobar el resultado para (1) el elemento pista de entrada MATROSKA_ID_TR_CODECPRIVATE procesado por demux_matroska.c; y (2) PROP_TAG, (3) MDPR_TAG, y (4) CONT_TAG trozos procesados por la función real_parse_headers en demux_real.c; el cual permite a los atacantes remotos causar una denegación de servicios (putero nulo no referenciado y caída) o posiblemente ejecuta código arbitrario a través de un valor manipulado. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31827 http://secunia.com/advisories/33544 http://securityreason.com/securityalert/4648 http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://www.ocert.org/analysis/2008-008/analysis.txt http://www.osvdb.org/47742 http://www.securityfocus.com/archive/1/495674/100/0/threaded http://www.securityfocus.com/bid/30797 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 1%CPEs: 49EXPL: 0

Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM). Desbordamiento inferior de búfer en demux_qt.c en xine-lib 1.1.12, y otras 1.1.15 y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída) mediante un archivo media manipulado que resulta en un valor pequeño de moov_atom_size en un MOV comprimido (también conocido como CMOV_ATOM). • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31827 http://securityreason.com/securityalert/4648 http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://www.ocert.org/analysis/2008-008/analysis.txt http://www.securityfocus.com/archive/1/495674/100/0/threaded http://www.securityfocus.com/bid/30797 https://exchange.xforce.ibmcloud.com/vulnerabilities/44656 https://www.redhat.com/archives/fedora-package-announce/2008-Septe • CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 2%CPEs: 49EXPL: 0

The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value. La función real_parse_audio_specific_data en demux_real.c en xine-lib v1.1.12, y otros 1.1.15 y versiones anteriores, utiliza un valor de altura no confiable (también conocido como codec_data_length) como divisor, lo que permite a atacantes remotos provocar una denegación de servicio (error de dicisión por cero y caída) mediante un valor cero. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31827 http://securityreason.com/securityalert/4648 http://www.ocert.org/analysis/2008-008/analysis.txt http://www.securityfocus.com/archive/1/495674/100/0/threaded http://www.securityfocus.com/bid/30797 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html • CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0

xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators." xine-lib anterior a 1.1.15 permite a atacantes remotos causar una denegación de servicio(caída)a través de "archivos MP3 con metadatos que consisten únicamente de separadores." • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://sourceforge.net/project/shownotes.php?release_id=619869 http://www.mandriva.com/security/advisories?name=MDVSA-2009:298 http://www.securityfocus.com/bid/32505 • CWE-20: Improper Input Validation •