Filtered by vendor Xine
Subscribe
Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3231 | 1 Xine | 1 Xine-lib | 2025-04-09 | 4.3 MEDIUM | N/A |
| xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine. | |||||
| CVE-2007-0255 | 1 Xine | 1 Xine | 2025-04-09 | 9.3 HIGH | N/A |
| XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. | |||||
| CVE-2008-0225 | 1 Xine | 1 Xine-lib | 2025-04-09 | 6.4 MEDIUM | N/A |
| Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1274 | 1 Xine | 1 Xine-lib | 2025-04-09 | 5.0 MEDIUM | N/A |
| Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-5241 | 1 Xine | 1 Xine-lib | 2025-04-09 | 4.3 MEDIUM | N/A |
| Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM). | |||||
| CVE-2008-5240 | 1 Xine | 1 Xine-lib | 2025-04-09 | 4.3 MEDIUM | N/A |
| xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value. | |||||
| CVE-2009-0698 | 1 Xine | 1 Xine-lib | 2025-04-09 | 7.5 HIGH | N/A |
| Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385. | |||||
| CVE-2007-0254 | 1 Xine | 1 Xine-ui | 2025-04-09 | 10.0 HIGH | N/A |
| Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2006-6172 | 2 Mplayer, Xine | 2 Mplayer, Real Media Input Plugin | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. | |||||
| CVE-2008-5246 | 1 Xine | 1 Xine-lib | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2004-0433 | 2 Mplayer, Xine | 2 Mplayer, Xine-lib | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets. | |||||
| CVE-2004-1034 | 3 Gentoo, Kaffeine, Xine | 3 Linux, Kaffeine Player, Gxine | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file. | |||||
| CVE-2004-1187 | 3 Mandrakesoft, Mplayer, Xine | 4 Mandrake Linux, Mplayer, Xine and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188. | |||||
| CVE-2005-2967 | 1 Xine | 1 Xine-lib | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD. | |||||
| CVE-2004-1951 | 1 Xine | 3 Xine, Xine-lib, Xine-ui | 2025-04-03 | 5.0 MEDIUM | N/A |
| xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. | |||||
| CVE-2004-0372 | 1 Xine | 1 Xine | 2025-04-03 | 2.1 LOW | N/A |
| xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts. | |||||
| CVE-2006-1664 | 1 Xine | 1 Xine-lib | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. | |||||
| CVE-2005-1195 | 2 Mplayer, Xine | 2 Mplayer, Xine-lib | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code. | |||||
| CVE-2006-1905 | 1 Xine | 1 Xine | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. | |||||
| CVE-2005-1692 | 1 Xine | 1 Gxine | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers. | |||||