CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2008-0238
https://notcve.org/view.php?id=CVE-2008-0238
11 Jan 2008 — Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples desbordamientos de la pila dinámica (heap) en la función rmff_dump_cont contenida en ... • http://bugs.gentoo.org/show_bug.cgi?id=205197 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 2CVE-2008-0225 – Xine-Lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-0225
10 Jan 2008 — Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information. Un desbordamiento del búfer en la región heap de la memoria en la función rmff_dump_cont en la biblioteca input/libreal/rmff.c en xine-lib versi... • https://www.exploit-db.com/exploits/31002 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2006-4799
https://notcve.org/view.php?id=CVE-2006-4799
14 Sep 2006 — Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Desbordamiento de búfer en ffmpeg para xine-lib anterior a 1.1.2 podría permitir a atacantes (locales o remotos dependiendo del contexto) ejecutar código de su elección mediante "índices erróneos" en un archivo AVI especialmente construido. Es una vulnerabilidad diferente a CVE-2005-4048... • http://secunia.com/advisories/22230 •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2006-2200
https://notcve.org/view.php?id=CVE-2006-2200
27 Jun 2006 — Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Desbordamiento de búfer basado en pila en libmms, utilizado por (a) MiMMs v0.0.9 y (b) xine-lib v1.1.0 y versiones anteriores, permite a atacantes remotos causar una denegación ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 5EXPL: 3CVE-2006-2802 – gxine 0.5.6 - HTTP Plugin Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-2802
03 Jun 2006 — Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. Desbordamiento de búfer en el HTTP Plugin (xineplug_inp_http.so) para xine-lib 1.1.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de una respuesta larga de un servidor HTTP, según lo demostrado usando gxine 0.5.6. • https://www.exploit-db.com/exploits/1852 •
CVSS: 9.8EPSS: 7%CPEs: 7EXPL: 2CVE-2006-1664 – Libxine 1.14 - MPEG Stream Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-1664
07 Apr 2006 — Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. • https://www.exploit-db.com/exploits/1641 •
CVSS: 9.8EPSS: 10%CPEs: 5EXPL: 2CVE-2005-2967 – Xine-Lib 1.1 - 'Media Player Library' Remote Format String
https://notcve.org/view.php?id=CVE-2005-2967
14 Oct 2005 — Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD. • https://www.exploit-db.com/exploits/1242 •
CVSS: 9.8EPSS: 5%CPEs: 10EXPL: 1CVE-2004-1475 – xine 0.99.2 - Remote Stack Overflow
https://notcve.org/view.php?id=CVE-2004-1475
31 Dec 2004 — Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. • https://www.exploit-db.com/exploits/386 •
CVSS: 9.8EPSS: 2%CPEs: 17EXPL: 0CVE-2004-1476
https://notcve.org/view.php?id=CVE-2004-1476
31 Dec 2004 — Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. • http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml •
CVSS: 10.0EPSS: 5%CPEs: 78EXPL: 0CVE-2004-1187
https://notcve.org/view.php?id=CVE-2004-1187
22 Dec 2004 — Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188. • http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21 •