Page 5 of 29 results (0.007 seconds)

CVSS: 5.1EPSS: 4%CPEs: 2EXPL: 0

Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Desbordamiento de búfer basado en pila en libmms, utilizado por (a) MiMMs v0.0.9 y (b) xine-lib v1.1.0 y versiones anteriores, permite a atacantes remotos causar una denegación de servicio (cuelgue de aplicación) y posiblemente ejecutar código arbitrario a través de (1) send_command, (2) string_utf16, (3) get_data, y (4) funciones get_media_packet ,y posiblemente otras funciones. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577 http://secunia.com/advisories/20749 http://secunia.com/advisories/20948 http://secunia.com/advisories/20964 http://secunia.com/advisories/21023 http://secunia.com/advisories/21036 http://secunia.com/advisories/21139 http://secunia.com/advisories/23218 http://secunia.com/advisories/23512 http://security.gentoo.org/glsa/glsa-200607-07.xml http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-secu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 20%CPEs: 5EXPL: 3

Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. Desbordamiento de búfer en el HTTP Plugin (xineplug_inp_http.so) para xine-lib 1.1.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de una respuesta larga de un servidor HTTP, según lo demostrado usando gxine 0.5.6. • https://www.exploit-db.com/exploits/1852 http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html http://secunia.com/advisories/20369 http://secunia.com/advisories/20549 http://secunia.com/advisories/20766 http://secunia.com/advisories/20828 http://secunia.com/advisories/20942 http://secunia.com/advisories/21919 http://security.gentoo.org/glsa/glsa-200609-08.xml http://www.debian.org/security/2006/dsa-1105 http://www.mandriva.com/security/advisories?name= •

CVSS: 7.5EPSS: 9%CPEs: 7EXPL: 2

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. • https://www.exploit-db.com/exploits/1641 http://bugs.gentoo.org/show_bug.cgi?id=128838 http://secunia.com/advisories/19853 http://secunia.com/advisories/19856 http://secunia.com/advisories/28666 http://securitytracker.com/id?1015868 http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608 http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml http://www.securityfocus.com/bid/17370 http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl&# •

CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 2

Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD. • https://www.exploit-db.com/exploits/1242 http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html http://secunia.com/advisories/17097 http://secunia.com/advisories/17099 http://secunia.com/advisories/17111 http://secunia.com/advisories/17132 http://secunia.com/advisories/17162 http://secunia.com/advisories/17179 http://secunia.com/advisories/17282 http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.415454 http://www.debian.org/ •

CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 1

Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. • https://www.exploit-db.com/exploits/386 http://security.gentoo.org/glsa/glsa-200408-18.xml http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0 http://www.securityfocus.com/bid/11206 http://xinehq.de/index.php/security/XSA-2004-4 https://exchange.xforce.ibmcloud.com/vulnerabilities/17430 https://exchange.xforce.ibmcloud.com/vulnerabilities/17432 •