Page 4 of 22 results (0.011 seconds)

CVSS: 9.3EPSS: 11%CPEs: 40EXPL: 0

CVE-2008-1686 – libfishsound: insufficient boundary checks

https://notcve.org/view.php?id=CVE-2008-1686

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. Una vulnerabilidad de índice de matriz en Speex versión 1.1.12 y anteriores, tal y como es usado en libfishsound versión 0.9.0 y anteriores, incluyendo Illiminable DirectShow Filters y Annodex Plugins para Firefox, xine-lib versiones anteriores a 1.1.12, y muchos otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de una estructura de encabezado que contiene un desplazamiento negativo, que se utiliza para desreferenciar un puntero de función. • http://blog.kfish.org/2008/04/release-libfishsound-091.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html http://secunia.com/advisories/29672 http://secunia.com/advisories/29727 http://secunia.com/advisories/29835 http://secunia.com/advisories/29845 http://secunia.com/advisories/29854 http://secunia.com/advisories/29866 http://secunia.com/advisories/29878 http://secunia.com/advisories • CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 1

CVE-2008-0486

https://notcve.org/view.php?id=CVE-2008-0486

Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Vulnerabilidad de índice de array en libmpdemux/demux_audio.c de MPlayer 1.0rc2 y SVN antes de r25917, y posiblemente versiones anteriores, como se utilizó en Xine-lib 1.1.10. Podría permitir a atacantes remotos ejecutar código de su elección a través de una etiqueta FLAC manipulada que provoca un desbordamiento de búfer. • http://bugs.gentoo.org/show_bug.cgi?id=209106 http://bugs.xine-project.org/show_bug.cgi?id=38 http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/28779 http://secunia.com/advisories/28801 http://secunia.com/advisories/28918 http://secunia.com/advisories/28955 http://secunia.com/advisories/28956 http://secunia.com/advisories/28989 http://secunia& • CWE-189: Numeric Errors •

CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 1

CVE-2004-1475 – xine 0.99.2 - Remote Stack Overflow

https://notcve.org/view.php?id=CVE-2004-1475

Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. • https://www.exploit-db.com/exploits/386 http://security.gentoo.org/glsa/glsa-200408-18.xml http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0 http://www.securityfocus.com/bid/11206 http://xinehq.de/index.php/security/XSA-2004-4 https://exchange.xforce.ibmcloud.com/vulnerabilities/17430 https://exchange.xforce.ibmcloud.com/vulnerabilities/17432 •

CVSS: 5.1EPSS: 0%CPEs: 17EXPL: 0

CVE-2004-1476

https://notcve.org/view.php?id=CVE-2004-1476

Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. • http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0 http://www.securityfocus.com/bid/11206 http://xinehq.de/index.php/security/XSA-2004-4 https://exchange.xforce.ibmcloud.com/vulnerabilities/17431 •

CVSS: 10.0EPSS: 4%CPEs: 78EXPL: 0

CVE-2004-1187

https://notcve.org/view.php?id=CVE-2004-1187

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188. • http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21 http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff https://exchange.xforce.ibmcloud.com/vulnerabilities/18640 •