CVSS: 7.5EPSS: 9%CPEs: 7EXPL: 2CVE-2006-1664 – Libxine 1.14 - MPEG Stream Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-1664
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. • https://www.exploit-db.com/exploits/1641 http://bugs.gentoo.org/show_bug.cgi?id=128838 http://secunia.com/advisories/19853 http://secunia.com/advisories/19856 http://secunia.com/advisories/28666 http://securitytracker.com/id?1015868 http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608 http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml http://www.securityfocus.com/bid/17370 http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl&# •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 2CVE-2005-2967 – Xine-Lib 1.1 - 'Media Player Library' Remote Format String
https://notcve.org/view.php?id=CVE-2005-2967
Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD. • https://www.exploit-db.com/exploits/1242 http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html http://secunia.com/advisories/17097 http://secunia.com/advisories/17099 http://secunia.com/advisories/17111 http://secunia.com/advisories/17132 http://secunia.com/advisories/17162 http://secunia.com/advisories/17179 http://secunia.com/advisories/17282 http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.415454 http://www.debian.org/ •
CVSS: 5.1EPSS: 0%CPEs: 17EXPL: 0CVE-2004-1476
https://notcve.org/view.php?id=CVE-2004-1476
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. • http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0 http://www.securityfocus.com/bid/11206 http://xinehq.de/index.php/security/XSA-2004-4 https://exchange.xforce.ibmcloud.com/vulnerabilities/17431 •
CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 1CVE-2004-1475 – xine 0.99.2 - Remote Stack Overflow
https://notcve.org/view.php?id=CVE-2004-1475
Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. • https://www.exploit-db.com/exploits/386 http://security.gentoo.org/glsa/glsa-200408-18.xml http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0 http://www.securityfocus.com/bid/11206 http://xinehq.de/index.php/security/XSA-2004-4 https://exchange.xforce.ibmcloud.com/vulnerabilities/17430 https://exchange.xforce.ibmcloud.com/vulnerabilities/17432 •
CVSS: 10.0EPSS: 4%CPEs: 78EXPL: 0CVE-2004-1187
https://notcve.org/view.php?id=CVE-2004-1187
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188. • http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21 http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff https://exchange.xforce.ibmcloud.com/vulnerabilities/18640 •