CVSS: 9.8EPSS: 6%CPEs: 40EXPL: 0CVE-2008-1686 – libfishsound: insufficient boundary checks
https://notcve.org/view.php?id=CVE-2008-1686
08 Apr 2008 — Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. Una vulnerabilidad de índice de matriz en Speex versión 1.1.12 y anteriores, tal y como es usado en libfishsound versión 0.9.0 y anteriores... • http://blog.kfish.org/2008/04/release-libfishsound-091.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 4CVE-2008-1482 – Xine-Lib 1.1.11 - Multiple Heap Remote Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1482
24 Mar 2008 — Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers ... • https://www.exploit-db.com/exploits/31462 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2008-0073 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0073
24 Mar 2008 — Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. Error de índice de array en la función sdpplin_parse de input/libreal/sdpplin.c en xine-lib 1.1.10.1 permite a servidores RTSP remotos ejecutar código de su elección a través de un parámetro streamid SDP grande. • https://www.exploit-db.com/exploits/5498 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 1CVE-2008-1110 – Libxine 1.14 - MPEG Stream Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-1110
29 Feb 2008 — Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664. Desbordamiento de búfer en demuxers/demux_asf.c (también conocido como ASF demuxer) en la extensión xineplug_dmx_asf.so de xine-lib before 1.1.10 permi... • https://www.exploit-db.com/exploits/1641 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 1CVE-2008-0486
https://notcve.org/view.php?id=CVE-2008-0486
05 Feb 2008 — Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Vulnerabilidad de índice de array en libmpdemux/demux_audio.c de MPlayer 1.0rc2 y SVN antes de r25917, y posiblemente versiones anteriores, como se utilizó en Xine-lib 1.1.10. Podría permitir a atacantes remotos ejecutar código de su elección a ... • http://bugs.gentoo.org/show_bug.cgi?id=209106 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2008-0238
https://notcve.org/view.php?id=CVE-2008-0238
11 Jan 2008 — Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples desbordamientos de la pila dinámica (heap) en la función rmff_dump_cont contenida en ... • http://bugs.gentoo.org/show_bug.cgi?id=205197 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 2CVE-2008-0225 – Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-0225
10 Jan 2008 — Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information. Un desbordamiento del búfer en la región heap de la memoria en la función rmff_dump_cont en la biblioteca input/libreal/rmff.c en xine-lib versi... • https://www.exploit-db.com/exploits/31002 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2007-0254
https://notcve.org/view.php?id=CVE-2007-0254
16 Jan 2007 — Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. Vulnerabilidad de cadena de formato en la función errors_create_window en errors.c de xine-ui permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. • http://osvdb.org/31594 •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 0CVE-2007-0255
https://notcve.org/view.php?id=CVE-2007-0255
16 Jan 2007 — XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. XINE 0.99.4 permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección mediante ciertos ficheros M3U que contien... • http://osvdb.org/31666 •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 1CVE-2006-6172
https://notcve.org/view.php?id=CVE-2006-6172
30 Nov 2006 — Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. Desbordamiento de búfer en la función asmrp_eval para el extensión de entrada a Real Media permite a atacantes remotos provocar una denegación de servicio y la posibilida... • http://secunia.com/advisories/23218 •