| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow. |
| xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. |
| Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15. |
| Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM). |
| Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information. |
| Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. |
| Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. |
| Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information. |
| Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field. |
| The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error. |
| Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file. |
| Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. |
| Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code. |
| Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers. |
| Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. |
| Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. |
| Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability. |
| Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field. |
| Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. |
| Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD. |