Filtered by vendor Xine
Subscriptions
Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0698 | 1 Xine | 1 Xine-lib | 2025-04-09 | N/A |
| Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385. | ||||
| CVE-2008-5245 | 1 Xine | 1 Xine-lib | 2025-04-09 | N/A |
| xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c. | ||||
| CVE-2007-0254 | 1 Xine | 1 Xine-ui | 2025-04-09 | N/A |
| Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2009-1274 | 1 Xine | 1 Xine-lib | 2025-04-09 | N/A |
| Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow. | ||||
| CVE-2008-3231 | 1 Xine | 1 Xine-lib | 2025-04-09 | N/A |
| xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine. | ||||
| CVE-2008-5235 | 1 Xine | 1 Xine | 2025-04-09 | N/A |
| Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-1686 | 3 Redhat, Xine, Xiph | 4 Enterprise Linux, Xine-lib, Libfishsound and 1 more | 2025-04-09 | N/A |
| Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | ||||
| CVE-2008-5233 | 1 Xine | 1 Xine-lib | 2025-04-09 | N/A |
| xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. | ||||
| CVE-2008-5240 | 1 Xine | 1 Xine-lib | 2025-04-09 | N/A |
| xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value. | ||||
| CVE-2008-5241 | 1 Xine | 1 Xine-lib | 2025-04-09 | N/A |
| Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM). | ||||
| CVE-2005-1195 | 2 Mplayer, Xine | 2 Mplayer, Xine-lib | 2025-04-03 | N/A |
| Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code. | ||||
| CVE-2004-1034 | 3 Gentoo, Kaffeine, Xine | 3 Linux, Kaffeine Player, Gxine | 2025-04-03 | N/A |
| Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file. | ||||
| CVE-2004-1475 | 1 Xine | 2 Xine, Xine-lib | 2025-04-03 | N/A |
| Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. | ||||
| CVE-2005-1692 | 1 Xine | 1 Gxine | 2025-04-03 | N/A |
| Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers. | ||||
| CVE-2006-1905 | 1 Xine | 1 Xine | 2025-04-03 | N/A |
| Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. | ||||
| CVE-2006-1664 | 1 Xine | 1 Xine-lib | 2025-04-03 | N/A |
| Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. | ||||
| CVE-2006-2802 | 1 Xine | 2 Gxine, Xine-lib | 2025-04-03 | N/A |
| Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. | ||||
| CVE-2004-1187 | 3 Mandrakesoft, Mplayer, Xine | 4 Mandrake Linux, Mplayer, Xine and 1 more | 2025-04-03 | N/A |
| Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188. | ||||
| CVE-2004-1300 | 1 Xine | 1 Xine-lib | 2025-04-03 | N/A |
| Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file. | ||||
| CVE-2004-1476 | 2 Suse, Xine | 3 Suse Linux, Xine, Xine-lib | 2025-04-03 | N/A |
| Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. | ||||