CVSS: 9.3EPSS: 3%CPEs: 38EXPL: 0CVE-2008-5235
https://notcve.org/view.php?id=CVE-2008-5235
26 Nov 2008 — Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en montículo en la función demux_real_send_chunk en src/demuxers/demux_real.c en xine-lib antes de v1.1.15 permite a atacantes remotos ejecutar código de su elección mediante un archivo Real Media manipulado. ... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 39EXPL: 0CVE-2008-5236
https://notcve.org/view.php?id=CVE-2008-5236
26 Nov 2008 — Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in d... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 39EXPL: 0CVE-2008-5237
https://notcve.org/view.php?id=CVE-2008-5237
26 Nov 2008 — Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string. Múltiples desbordamientos de enter... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 3%CPEs: 39EXPL: 0CVE-2008-5238
https://notcve.org/view.php?id=CVE-2008-5238
26 Nov 2008 — Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field. Desbordamiento de entero en la función real_parse_mdp en demux_real.c en xine-lib 1.1.12, y otras versiones anteriores a 1.1.15, permite a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código de su elección a través de ... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 8%CPEs: 31EXPL: 2CVE-2006-1905 – Xine 0.9/1.0 - Playlist Handling Remote Format String
https://notcve.org/view.php?id=CVE-2006-1905
20 Apr 2006 — Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. • https://www.exploit-db.com/exploits/27670 •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0CVE-2005-1195
https://notcve.org/view.php?id=CVE-2005-1195
21 Apr 2005 — Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code. • http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u •
CVSS: 8.8EPSS: 4%CPEs: 18EXPL: 1CVE-2004-1455
https://notcve.org/view.php?id=CVE-2004-1455
31 Dec 2004 — Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL. • http://marc.info/?l=bugtraq&m=109284737628045&w=2 •
CVSS: 9.8EPSS: 5%CPEs: 10EXPL: 1CVE-2004-1475 – xine 0.99.2 - Remote Stack Overflow
https://notcve.org/view.php?id=CVE-2004-1475
31 Dec 2004 — Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. • https://www.exploit-db.com/exploits/386 •
CVSS: 9.8EPSS: 2%CPEs: 17EXPL: 0CVE-2004-1476
https://notcve.org/view.php?id=CVE-2004-1476
31 Dec 2004 — Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. • http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml •
CVSS: 7.5EPSS: 2%CPEs: 27EXPL: 2CVE-2004-1951 – Xine 0.9.x and Xine-Lib 1 - Multiple Remote File Overwrite Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1951
31 Dec 2004 — xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. • https://www.exploit-db.com/exploits/24038 •