CVSS: 4.3EPSS: 2%CPEs: 49EXPL: 0CVE-2008-5247
https://notcve.org/view.php?id=CVE-2008-5247
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value. La función real_parse_audio_specific_data en demux_real.c en xine-lib v1.1.12, y otros 1.1.15 y versiones anteriores, utiliza un valor de altura no confiable (también conocido como codec_data_length) como divisor, lo que permite a atacantes remotos provocar una denegación de servicio (error de dicisión por cero y caída) mediante un valor cero. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31827 http://securityreason.com/securityalert/4648 http://www.ocert.org/analysis/2008-008/analysis.txt http://www.securityfocus.com/archive/1/495674/100/0/threaded http://www.securityfocus.com/bid/30797 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0CVE-2008-5248
https://notcve.org/view.php?id=CVE-2008-5248
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators." xine-lib anterior a 1.1.15 permite a atacantes remotos causar una denegación de servicio(caída)a través de "archivos MP3 con metadatos que consisten únicamente de separadores." • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://sourceforge.net/project/shownotes.php?release_id=619869 http://www.mandriva.com/security/advisories?name=MDVSA-2009:298 http://www.securityfocus.com/bid/32505 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 10%CPEs: 48EXPL: 0CVE-2008-5246
https://notcve.org/view.php?id=CVE-2008-5246
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples desbordamientos de búfer basados en montículo en xine-lib anterior a 1.1.15; permiten a atacantes remotos ejecutar código de su elección a a través de vectores que envían datos ID3 a las funciones (1) id3v22_interp_frame Y (2) id3v24_interp_frame en src/demuxers/id3.c. NOTA: El origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://osvdb.org/47677 http://securitytracker.com/id?1020703 http://sourceforge.net/project/shownotes.php?release_id=619869 http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://www.securityfocus.com/bid/30698 http://www.vupen.com/english/advisories/2008/2382 https://exchange.xforce.ibmcloud.com/vulnerabilities/44468 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 48EXPL: 0CVE-2008-5245
https://notcve.org/view.php?id=CVE-2008-5245
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c. xine-lib anterior a 1.1.15 realiza marcos de video V4L preasignados antes del establecimiento de la longitud requerida, la cuál tiene un impacto y vectores de ataque desconocidos, posiblemente relacionado con un desbordamiento de búfer en la función open_video_capture_device en src/input/input_v4l.c. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31502 http://securitytracker.com/id?1020703 http://sourceforge.net/project/shownotes.php?release_id=619869 http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://www.securityfocus.com/bid/30698 http://www.vupen.com/english/advisories/2008/2382 https://exchange.xforce.ibmcloud.com/vulnerabilities/44470 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 39EXPL: 0CVE-2008-5237
https://notcve.org/view.php?id=CVE-2008-5237
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string. Múltiples desbordamientos de entero en xine-lib 1.1.12, y otros 1.1.15 y versiones anteriores, permiten a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código de su elección mediante (1) valores de altura y anchura manipulados que no se validan por al función mymng_process_header en demux_mng.c antes de usarse en un cálculo de asignación o (2)valores current_atom_size y string_size manipulados procesados por la función arse_reference_atom en demux_qt.c. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31827 http://secunia.com/advisories/33544 http://securityreason.com/securityalert/4648 http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://www.ocert.org/analysis/2008-008/analysis.txt http://www.securityfocus.com/archive/1/495674/100/0/threaded http://www.securityfocus.com/bid/30797 https://exchange.xforce.ibmcloud.com/vulnerabilities/44652 https://www.redhat.com&#x • CWE-189: Numeric Errors •