CVE-2006-2230 – Xine 0.99.x - Filename Handling Remote Format String
https://notcve.org/view.php?id=CVE-2006-2230
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability. • https://www.exploit-db.com/exploits/27791 http://www.debian.org/security/2006/dsa-1093 http://www.securityfocus.com/archive/1/432598/100/0/threaded http://www.securityfocus.com/bid/17769 https://exchange.xforce.ibmcloud.com/vulnerabilities/26216 •
CVE-2006-1905 – Xine 0.9/1.0 - Playlist Handling Remote Format String
https://notcve.org/view.php?id=CVE-2006-1905
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. • https://www.exploit-db.com/exploits/27670 http://open-security.org/advisories/16 http://secunia.com/advisories/19671 http://secunia.com/advisories/19854 http://secunia.com/advisories/20066 http://securitytracker.com/id?1015959 http://sourceforge.net/mailarchive/message.php?msg_id=15429845 http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:085 http://www.novell.com/linux/security/advisories/2006_05_05.html http& •
CVE-2004-1951 – Xine 0.9.x and Xine-Lib 1 - Multiple Remote File Overwrite Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1951
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. • https://www.exploit-db.com/exploits/24038 http://secunia.com/advisories/11433 http://security.gentoo.org/glsa/glsa-200404-20.xml http://www.osvdb.org/5594 http://www.osvdb.org/5739 http://www.securityfocus.com/bid/10193 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791 http://www.xinehq.de/index.php/security/XSA-2004-1 http://www.xinehq.de/index.php/security/XSA-2004-2 https://exchange.xforce.ibmcloud.com/vulnerabi •
CVE-2004-1475 – xine 0.99.2 - Remote Stack Overflow
https://notcve.org/view.php?id=CVE-2004-1475
Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. • https://www.exploit-db.com/exploits/386 http://security.gentoo.org/glsa/glsa-200408-18.xml http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0 http://www.securityfocus.com/bid/11206 http://xinehq.de/index.php/security/XSA-2004-4 https://exchange.xforce.ibmcloud.com/vulnerabilities/17430 https://exchange.xforce.ibmcloud.com/vulnerabilities/17432 •
CVE-2004-1476
https://notcve.org/view.php?id=CVE-2004-1476
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. • http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0 http://www.securityfocus.com/bid/11206 http://xinehq.de/index.php/security/XSA-2004-4 https://exchange.xforce.ibmcloud.com/vulnerabilities/17431 •