CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0CVE-2008-5248
https://notcve.org/view.php?id=CVE-2008-5248
26 Nov 2008 — xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators." xine-lib anterior a 1.1.15 permite a atacantes remotos causar una denegación de servicio(caída)a través de "archivos MP3 con metadatos que consisten únicamente de separadores." • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 49EXPL: 0CVE-2008-5242
https://notcve.org/view.php?id=CVE-2008-5242
26 Nov 2008 — demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. demux_qt.c de xine-lib v1.1.12, y otra v1.1.15 y versiones anteriores, no valida el campo contador antes de hacer una llamada calloc para una asignación atom de STSD_ATOM. Esto permite a atacantes remotos provocar una denegació... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 49EXPL: 0CVE-2008-5244
https://notcve.org/view.php?id=CVE-2008-5244
26 Nov 2008 — Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad. Vulnerabilidad no especificada en xine-lib anterior a v1.1.15, tiene un impacto desconocido y vectores de ataque relacionados con libfaad. NOTA: Debido a la falta de detalles, no está claro si es una vulnerabilidad que afecta a xine-lib o a libfaad. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html •
CVSS: 6.5EPSS: 1%CPEs: 38EXPL: 1CVE-2008-3231
https://notcve.org/view.php?id=CVE-2008-3231
18 Jul 2008 — xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine. xine-lib en versiones anteriores a 1.1.15, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo OGG diseñado, como es demostrado al reproducir lol-ffplay.ogg con xine. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 5%CPEs: 8EXPL: 1CVE-2008-1878 – Xine-Lib 1.1.12 - NSF demuxer Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-1878
17 Apr 2008 — Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title. Desbordamiento de búfer basada en pila en la función demux_nsf_send_chunk en el src/demuxers/demux_nsf.c en xine-lib 1.1.12 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante un tí... • https://www.exploit-db.com/exploits/5458 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 40EXPL: 0CVE-2008-1686 – libfishsound: insufficient boundary checks
https://notcve.org/view.php?id=CVE-2008-1686
08 Apr 2008 — Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. Una vulnerabilidad de índice de matriz en Speex versión 1.1.12 y anteriores, tal y como es usado en libfishsound versión 0.9.0 y anteriores... • http://blog.kfish.org/2008/04/release-libfishsound-091.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 1CVE-2008-1110 – Libxine 1.14 - MPEG Stream Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-1110
29 Feb 2008 — Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664. Desbordamiento de búfer en demuxers/demux_asf.c (también conocido como ASF demuxer) en la extensión xineplug_dmx_asf.so de xine-lib before 1.1.10 permi... • https://www.exploit-db.com/exploits/1641 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2008-0238
https://notcve.org/view.php?id=CVE-2008-0238
11 Jan 2008 — Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples desbordamientos de la pila dinámica (heap) en la función rmff_dump_cont contenida en ... • http://bugs.gentoo.org/show_bug.cgi?id=205197 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 2CVE-2008-0225 – Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-0225
10 Jan 2008 — Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information. Un desbordamiento del búfer en la región heap de la memoria en la función rmff_dump_cont en la biblioteca input/libreal/rmff.c en xine-lib versi... • https://www.exploit-db.com/exploits/31002 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 17EXPL: 0CVE-2004-1476
https://notcve.org/view.php?id=CVE-2004-1476
31 Dec 2004 — Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. • http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml •