CVE-2008-5233
https://notcve.org/view.php?id=CVE-2008-5233
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. xine-lib v1.1.12 y versiones anteriores a v1.1.15, no comprueba que pueda fallar malloc en circunstancias que incluyen (1) la función mymng_process_header en demux_mng.c, (2) la función open_mod_file en demux_mod.c y (3) frame_buffer allocation en la función real_parse_audio_specific_data en demux_real.c; esto permite a atacantes remotos provocar una denegación de servicio (caída) o puede que ejecutar código de su elección a través de un fichero multimedia manipulado. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31827 http://securityreason.com/securityalert/4648 http://securitytracker.com/id?1020703 http://sourceforge.net/project/shownotes.php?release_id=619869 http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://www.ocert.org/analysis/2008-008/analysis.txt http://www.osvdb.org/47747 http://www.securityfocus.com/archive/1/495674/100/0/threaded http://www.securityfocus.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-3231
https://notcve.org/view.php?id=CVE-2008-3231
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine. xine-lib en versiones anteriores a 1.1.15, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo OGG diseñado, como es demostrado al reproducir lol-ffplay.ogg con xine. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31827 http://sourceforge.net/project/shownotes.php?release_id=619869 http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://www.openwall.com/lists/oss-security/2008/07/13/3 http://www.securityfocus.com/bid/30699 http://www.securitytracker.com/id?1020703 http://www.vupen.com/english/advisories/2008/2382 https://exchange.xforce.ibmcloud.com/vulnerabilities/44040 https: • CWE-20: Improper Input Validation •
CVE-2008-1878 – Xine-Lib 1.1.12 - NSF demuxer Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-1878
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title. Desbordamiento de búfer basada en pila en la función demux_nsf_send_chunk en el src/demuxers/demux_nsf.c en xine-lib 1.1.12 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante un título NSF largo. • https://www.exploit-db.com/exploits/5458 http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://secunia.com/advisories/29850 http://secunia.com/advisories/30021 http://secunia.com/advisories/30337 http://secunia.com/advisories/30581 http://secunia.com/advisories/31372 http://secunia.com/advisories/31393 http://security.gentoo.org/glsa/glsa-200808-01.xml http://www.debian.org/security/2008/dsa-1586 http://www.mandriva.com/security/advisories?name=M • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1686 – libfishsound: insufficient boundary checks
https://notcve.org/view.php?id=CVE-2008-1686
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. Una vulnerabilidad de índice de matriz en Speex versión 1.1.12 y anteriores, tal y como es usado en libfishsound versión 0.9.0 y anteriores, incluyendo Illiminable DirectShow Filters y Annodex Plugins para Firefox, xine-lib versiones anteriores a 1.1.12, y muchos otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de una estructura de encabezado que contiene un desplazamiento negativo, que se utiliza para desreferenciar un puntero de función. • http://blog.kfish.org/2008/04/release-libfishsound-091.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html http://secunia.com/advisories/29672 http://secunia.com/advisories/29727 http://secunia.com/advisories/29835 http://secunia.com/advisories/29845 http://secunia.com/advisories/29854 http://secunia.com/advisories/29866 http://secunia.com/advisories/29878 http://secunia.com/advisories • CWE-189: Numeric Errors •
CVE-2008-1110 – Libxine 1.14 - MPEG Stream Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-1110
Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664. Desbordamiento de búfer en demuxers/demux_asf.c (también conocido como ASF demuxer) en la extensión xineplug_dmx_asf.so de xine-lib before 1.1.10 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída) a través de una cabecera ASF manipulada. NOTA: esta cuestión provoca una caída cuando un atacante utiliza el código del exploit CVE-2006-1664, pero esto es diferente a CVE-2006-1664. • https://www.exploit-db.com/exploits/1641 http://bugs.gentoo.org/show_bug.cgi?id=208100 http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset%3Bnode=fb6d089b520dca199ef16a046da28c50c984c2d2%3Bstyle=gitweb http://secunia.com/advisories/29141 http://secunia.com/advisories/31393 http://security.gentoo.org/glsa/glsa-200802-12.xml http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608 http://www.mandriva.com/security/advisories?name=MDVSA-2008:178 http://www.ubuntu.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •