CVE-2008-5248
https://notcve.org/view.php?id=CVE-2008-5248
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators." xine-lib anterior a 1.1.15 permite a atacantes remotos causar una denegación de servicio(caída)a través de "archivos MP3 con metadatos que consisten únicamente de separadores." • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://sourceforge.net/project/shownotes.php?release_id=619869 http://www.mandriva.com/security/advisories?name=MDVSA-2009:298 http://www.securityfocus.com/bid/32505 • CWE-20: Improper Input Validation •
CVE-2008-3231
https://notcve.org/view.php?id=CVE-2008-3231
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine. xine-lib en versiones anteriores a 1.1.15, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo OGG diseñado, como es demostrado al reproducir lol-ffplay.ogg con xine. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31827 http://sourceforge.net/project/shownotes.php?release_id=619869 http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://www.openwall.com/lists/oss-security/2008/07/13/3 http://www.securityfocus.com/bid/30699 http://www.securitytracker.com/id?1020703 http://www.vupen.com/english/advisories/2008/2382 https://exchange.xforce.ibmcloud.com/vulnerabilities/44040 https: • CWE-20: Improper Input Validation •
CVE-2008-1686 – libfishsound: insufficient boundary checks
https://notcve.org/view.php?id=CVE-2008-1686
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. Una vulnerabilidad de índice de matriz en Speex versión 1.1.12 y anteriores, tal y como es usado en libfishsound versión 0.9.0 y anteriores, incluyendo Illiminable DirectShow Filters y Annodex Plugins para Firefox, xine-lib versiones anteriores a 1.1.12, y muchos otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de una estructura de encabezado que contiene un desplazamiento negativo, que se utiliza para desreferenciar un puntero de función. • http://blog.kfish.org/2008/04/release-libfishsound-091.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html http://secunia.com/advisories/29672 http://secunia.com/advisories/29727 http://secunia.com/advisories/29835 http://secunia.com/advisories/29845 http://secunia.com/advisories/29854 http://secunia.com/advisories/29866 http://secunia.com/advisories/29878 http://secunia.com/advisories • CWE-189: Numeric Errors •
CVE-2006-1905 – Xine 0.9/1.0 - Playlist Handling Remote Format String
https://notcve.org/view.php?id=CVE-2006-1905
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. • https://www.exploit-db.com/exploits/27670 http://open-security.org/advisories/16 http://secunia.com/advisories/19671 http://secunia.com/advisories/19854 http://secunia.com/advisories/20066 http://securitytracker.com/id?1015959 http://sourceforge.net/mailarchive/message.php?msg_id=15429845 http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:085 http://www.novell.com/linux/security/advisories/2006_05_05.html http& •
CVE-2004-1951 – Xine 0.9.x and Xine-Lib 1 - Multiple Remote File Overwrite Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1951
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. • https://www.exploit-db.com/exploits/24038 http://secunia.com/advisories/11433 http://security.gentoo.org/glsa/glsa-200404-20.xml http://www.osvdb.org/5594 http://www.osvdb.org/5739 http://www.securityfocus.com/bid/10193 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791 http://www.xinehq.de/index.php/security/XSA-2004-1 http://www.xinehq.de/index.php/security/XSA-2004-2 https://exchange.xforce.ibmcloud.com/vulnerabi •