CVE-2008-5233
https://notcve.org/view.php?id=CVE-2008-5233
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. xine-lib v1.1.12 y versiones anteriores a v1.1.15, no comprueba que pueda fallar malloc en circunstancias que incluyen (1) la función mymng_process_header en demux_mng.c, (2) la función open_mod_file en demux_mod.c y (3) frame_buffer allocation en la función real_parse_audio_specific_data en demux_real.c; esto permite a atacantes remotos provocar una denegación de servicio (caída) o puede que ejecutar código de su elección a través de un fichero multimedia manipulado. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31827 http://securityreason.com/securityalert/4648 http://securitytracker.com/id?1020703 http://sourceforge.net/project/shownotes.php?release_id=619869 http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 http://www.ocert.org/analysis/2008-008/analysis.txt http://www.osvdb.org/47747 http://www.securityfocus.com/archive/1/495674/100/0/threaded http://www.securityfocus.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-1905 – Xine 0.9/1.0 - Playlist Handling Remote Format String
https://notcve.org/view.php?id=CVE-2006-1905
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. • https://www.exploit-db.com/exploits/27670 http://open-security.org/advisories/16 http://secunia.com/advisories/19671 http://secunia.com/advisories/19854 http://secunia.com/advisories/20066 http://securitytracker.com/id?1015959 http://sourceforge.net/mailarchive/message.php?msg_id=15429845 http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:085 http://www.novell.com/linux/security/advisories/2006_05_05.html http& •
CVE-2005-1195
https://notcve.org/view.php?id=CVE-2005-1195
Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code. • http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55&r2=1.56&diff_format=u http://seclists.org/lists/bugtraq/2005/Apr/0337.html http://secunia.com/advisories/15014 http://securitytracker.com/id?1013771 http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml http://www.mplayerhq.hu/homepage/design7/news.html#vuln10 http:/ •
CVE-2004-1455
https://notcve.org/view.php?id=CVE-2004-1455
Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL. • http://marc.info/?l=bugtraq&m=109284737628045&w=2 http://open-security.org/advisories/6 http://secunia.com/advisories/12194 http://www.gentoo.org/security/en/glsa/glsa-200408-18.xml http://www.securityfocus.com/bid/10890 https://exchange.xforce.ibmcloud.com/vulnerabilities/16930 •
CVE-2004-1951 – Xine 0.9.x and Xine-Lib 1 - Multiple Remote File Overwrite Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1951
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. • https://www.exploit-db.com/exploits/24038 http://secunia.com/advisories/11433 http://security.gentoo.org/glsa/glsa-200404-20.xml http://www.osvdb.org/5594 http://www.osvdb.org/5739 http://www.securityfocus.com/bid/10193 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791 http://www.xinehq.de/index.php/security/XSA-2004-1 http://www.xinehq.de/index.php/security/XSA-2004-2 https://exchange.xforce.ibmcloud.com/vulnerabi •