CVSS: 4.3EPSS: 25%CPEs: 49EXPL: 0CVE-2008-5243
https://notcve.org/view.php?id=CVE-2008-5243
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error. La función real_parse_headers en demux_real.c en xine-lib 1.1.12, y otras v1.1.15 y versiones anteriores, confía en un valor de longitud de entrada no confiable a "reindexar en un búfer asignado", lo que permite a atacantes remotos provocar una denegación de servicio (caída) mediante un valor manipulado, probablemente un error de índice de array. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31827 http://secunia.com/advisories/33544 http://securityreason.com/securityalert/4648 http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://www.ocert.org/analysis/2008-008/analysis.txt http://www.securityfocus.com/archive/1/495674/100/0/threaded http://www.securityfocus.com/bid/30797 https://exchange.xforce.ibmcloud.com/vulnerabilities/44658 https://www.redhat.com&#x • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 49EXPL: 0CVE-2008-5244
https://notcve.org/view.php?id=CVE-2008-5244
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad. Vulnerabilidad no especificada en xine-lib anterior a v1.1.15, tiene un impacto desconocido y vectores de ataque relacionados con libfaad. NOTA: Debido a la falta de detalles, no está claro si es una vulnerabilidad que afecta a xine-lib o a libfaad. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://securitytracker.com/id?1020703 http://sourceforge.net/project/shownotes.php?release_id=619869 •
CVSS: 9.3EPSS: 0%CPEs: 48EXPL: 0CVE-2008-5245
https://notcve.org/view.php?id=CVE-2008-5245
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c. xine-lib anterior a 1.1.15 realiza marcos de video V4L preasignados antes del establecimiento de la longitud requerida, la cuál tiene un impacto y vectores de ataque desconocidos, posiblemente relacionado con un desbordamiento de búfer en la función open_video_capture_device en src/input/input_v4l.c. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31502 http://securitytracker.com/id?1020703 http://sourceforge.net/project/shownotes.php?release_id=619869 http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://www.securityfocus.com/bid/30698 http://www.vupen.com/english/advisories/2008/2382 https://exchange.xforce.ibmcloud.com/vulnerabilities/44470 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 10%CPEs: 48EXPL: 0CVE-2008-5246
https://notcve.org/view.php?id=CVE-2008-5246
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples desbordamientos de búfer basados en montículo en xine-lib anterior a 1.1.15; permiten a atacantes remotos ejecutar código de su elección a a través de vectores que envían datos ID3 a las funciones (1) id3v22_interp_frame Y (2) id3v24_interp_frame en src/demuxers/id3.c. NOTA: El origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://osvdb.org/47677 http://securitytracker.com/id?1020703 http://sourceforge.net/project/shownotes.php?release_id=619869 http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://www.securityfocus.com/bid/30698 http://www.vupen.com/english/advisories/2008/2382 https://exchange.xforce.ibmcloud.com/vulnerabilities/44468 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 2%CPEs: 49EXPL: 0CVE-2008-5247
https://notcve.org/view.php?id=CVE-2008-5247
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value. La función real_parse_audio_specific_data en demux_real.c en xine-lib v1.1.12, y otros 1.1.15 y versiones anteriores, utiliza un valor de altura no confiable (también conocido como codec_data_length) como divisor, lo que permite a atacantes remotos provocar una denegación de servicio (error de dicisión por cero y caída) mediante un valor cero. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31827 http://securityreason.com/securityalert/4648 http://www.ocert.org/analysis/2008-008/analysis.txt http://www.securityfocus.com/archive/1/495674/100/0/threaded http://www.securityfocus.com/bid/30797 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html • CWE-189: Numeric Errors •