Search criteria
42 vulnerabilities found for xine by xine
FKIE_CVE-2008-5238
Vulnerability from fkie_nvd - Published: 2008-11-26 01:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine | * | |
| xine | xine | 0.9.13 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1.0 | |
| xine | xine | 1.0.1 | |
| xine | xine | 1.0.2 | |
| xine | xine | 1.0.3a | |
| xine | xine | 1.1.0 | |
| xine | xine | 1.1.1 | |
| xine | xine | 1.1.2 | |
| xine | xine | 1.1.3 | |
| xine | xine | 1.1.4 | |
| xine | xine | 1.1.10.1 | |
| xine | xine | 1.1.11 | |
| xine | xine | 1.1.11.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE7CC5D-F1D1-487C-A18C-A47970ED9B6D",
"versionEndIncluding": "1.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A119AB14-EDB5-4C79-9058-60E610636728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta10:*:*:*:*:*:*",
"matchCriteriaId": "44C4B2D6-DBAE-46CF-BE49-FC221B340726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta11:*:*:*:*:*:*",
"matchCriteriaId": "197D04B5-8053-484F-A070-894BC9611C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta12:*:*:*:*:*:*",
"matchCriteriaId": "B2B22E87-6736-4C5B-A1A6-A3EA0064C10D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "4F2CD2BA-DFFD-4A9C-8B09-4793BB723717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "B993E680-B4FE-4DE5-800C-1E6B7C44849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F7100421-9BF9-4A07-AD54-C3D9CDCFBF90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta5:*:*:*:*:*:*",
"matchCriteriaId": "D6BE4F65-E942-4259-94E3-95E7F95B2E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta6:*:*:*:*:*:*",
"matchCriteriaId": "4DCD596C-B080-4A98-BF14-57DDC370CCEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4272CD6A-E384-4035-A09A-C63927191CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta8:*:*:*:*:*:*",
"matchCriteriaId": "1D5828FA-6320-4983-AA70-ADFE9B475EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta9:*:*:*:*:*:*",
"matchCriteriaId": "6E12B75F-1820-42F9-8B7C-3024D5C37B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "31B68858-0176-4CB0-B015-256EC1796D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "41844D73-EE25-4835-A9C5-08AADDA2CE62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "52EFFE9E-6A25-4A27-B483-96AA4A7C7660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FCB9BA4F-0814-45C4-93C8-04DBFF8FC8D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "8D49B22F-8C56-4842-8DE7-36011523E150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "4B643DB4-63D2-4BA1-89B4-2EF813771718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "C4FC619B-E611-4996-A12B-37830FD5B91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "61D3DB46-02A6-4D63-B052-2458FB181DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "5083B06C-C9B2-4011-B8B0-23FECE2DD100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A03425FA-BB45-4FF4-B551-2A63129BDFC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "A9B68EA2-EBCA-4272-B43E-9C2916447869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "C609073D-30DF-42BF-B515-773205601FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "DD535324-2B5B-4535-A33B-29487F8FA4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "234EF75C-C5AA-4FAA-85C7-77EFBB35AF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB02215-E511-4974-8AE3-834CAE630D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "449D32E9-C204-4429-8DE5-9677BEC1DEFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC157F9-D90C-4457-A17B-A4DB52E92855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "856C23D9-14FC-4264-B85B-1E0D67FA73B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89C1C896-C115-451D-840A-2DE3430B6D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "464603A5-ECBE-486A-BFC9-921D0B4D39D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0A1D4E-A0C5-4063-A354-1D8782A89A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F2A24E4-CB4A-4D71-804F-63DA24563D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FB6DB2-E29D-48E2-A092-B9D99230C383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "06E97F97-F3E4-48F8-BC24-E88AF98B93A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCA9DB3-5F48-4078-84D2-CC65E04058F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n real_parse_mdp en demux_real.c en xine-lib 1.1.12, y otras versiones anteriores a 1.1.15, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un campo stream_name_size manipulado."
}
],
"id": "CVE-2008-5238",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.563",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44650"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-5236
Vulnerability from fkie_nvd - Published: 2008-11-26 01:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine | * | |
| xine | xine | 0.9.13 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1.0 | |
| xine | xine | 1.0.1 | |
| xine | xine | 1.0.2 | |
| xine | xine | 1.0.3a | |
| xine | xine | 1.1.0 | |
| xine | xine | 1.1.1 | |
| xine | xine | 1.1.2 | |
| xine | xine | 1.1.3 | |
| xine | xine | 1.1.4 | |
| xine | xine | 1.1.10.1 | |
| xine | xine | 1.1.11 | |
| xine | xine | 1.1.11.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52E2289A-767D-445B-8AF5-4201E3806F78",
"versionEndIncluding": "1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A119AB14-EDB5-4C79-9058-60E610636728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta10:*:*:*:*:*:*",
"matchCriteriaId": "44C4B2D6-DBAE-46CF-BE49-FC221B340726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta11:*:*:*:*:*:*",
"matchCriteriaId": "197D04B5-8053-484F-A070-894BC9611C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta12:*:*:*:*:*:*",
"matchCriteriaId": "B2B22E87-6736-4C5B-A1A6-A3EA0064C10D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "4F2CD2BA-DFFD-4A9C-8B09-4793BB723717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "B993E680-B4FE-4DE5-800C-1E6B7C44849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F7100421-9BF9-4A07-AD54-C3D9CDCFBF90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta5:*:*:*:*:*:*",
"matchCriteriaId": "D6BE4F65-E942-4259-94E3-95E7F95B2E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta6:*:*:*:*:*:*",
"matchCriteriaId": "4DCD596C-B080-4A98-BF14-57DDC370CCEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4272CD6A-E384-4035-A09A-C63927191CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta8:*:*:*:*:*:*",
"matchCriteriaId": "1D5828FA-6320-4983-AA70-ADFE9B475EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta9:*:*:*:*:*:*",
"matchCriteriaId": "6E12B75F-1820-42F9-8B7C-3024D5C37B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "31B68858-0176-4CB0-B015-256EC1796D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "41844D73-EE25-4835-A9C5-08AADDA2CE62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "52EFFE9E-6A25-4A27-B483-96AA4A7C7660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FCB9BA4F-0814-45C4-93C8-04DBFF8FC8D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "8D49B22F-8C56-4842-8DE7-36011523E150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "4B643DB4-63D2-4BA1-89B4-2EF813771718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "C4FC619B-E611-4996-A12B-37830FD5B91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "61D3DB46-02A6-4D63-B052-2458FB181DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "5083B06C-C9B2-4011-B8B0-23FECE2DD100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A03425FA-BB45-4FF4-B551-2A63129BDFC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "A9B68EA2-EBCA-4272-B43E-9C2916447869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "C609073D-30DF-42BF-B515-773205601FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "DD535324-2B5B-4535-A33B-29487F8FA4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "234EF75C-C5AA-4FAA-85C7-77EFBB35AF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB02215-E511-4974-8AE3-834CAE630D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "449D32E9-C204-4429-8DE5-9677BEC1DEFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC157F9-D90C-4457-A17B-A4DB52E92855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "856C23D9-14FC-4264-B85B-1E0D67FA73B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89C1C896-C115-451D-840A-2DE3430B6D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "464603A5-ECBE-486A-BFC9-921D0B4D39D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0A1D4E-A0C5-4063-A354-1D8782A89A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F2A24E4-CB4A-4D71-804F-63DA24563D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FB6DB2-E29D-48E2-A092-B9D99230C383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "06E97F97-F3E4-48F8-BC24-E88AF98B93A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCA9DB3-5F48-4078-84D2-CC65E04058F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en xine-lib v1.1.12 y otra v1.1.15 y versiones anteriores , permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con (1) un tama\u00f1o manipulado del elemento EBML procesado por la funci\u00f3n parse_block_group en demux_matroska.c; (2) una determinada combinaci\u00f3n de los valores \"sps\", \"w\" y \"h\" procesados por las funciones real_parse_audio_specific_data y demux_real_send_chunk functions en demux_real.c y (3) una combinaci\u00f3n no especificada de tres valores procesados por la funci\u00f3n open_ra_file en demux_realaudio.c. NOTA: Al parecer el vector 2 existe por una reparaci\u00f3n incompleta en la v1.1.15."
}
],
"id": "CVE-2008-5236",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.517",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31502"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31567"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33544"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/47744"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2427"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44634"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44642"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/47744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-5235
Vulnerability from fkie_nvd - Published: 2008-11-26 01:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine | * | |
| xine | xine | 0.9.13 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1.0 | |
| xine | xine | 1.0.1 | |
| xine | xine | 1.0.2 | |
| xine | xine | 1.0.3a | |
| xine | xine | 1.1.0 | |
| xine | xine | 1.1.1 | |
| xine | xine | 1.1.2 | |
| xine | xine | 1.1.3 | |
| xine | xine | 1.1.10.1 | |
| xine | xine | 1.1.11 | |
| xine | xine | 1.1.11.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0396208F-AF6E-4AB2-8C1B-9BC438121C5C",
"versionEndIncluding": "1.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A119AB14-EDB5-4C79-9058-60E610636728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta10:*:*:*:*:*:*",
"matchCriteriaId": "44C4B2D6-DBAE-46CF-BE49-FC221B340726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta11:*:*:*:*:*:*",
"matchCriteriaId": "197D04B5-8053-484F-A070-894BC9611C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta12:*:*:*:*:*:*",
"matchCriteriaId": "B2B22E87-6736-4C5B-A1A6-A3EA0064C10D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "4F2CD2BA-DFFD-4A9C-8B09-4793BB723717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "B993E680-B4FE-4DE5-800C-1E6B7C44849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F7100421-9BF9-4A07-AD54-C3D9CDCFBF90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta5:*:*:*:*:*:*",
"matchCriteriaId": "D6BE4F65-E942-4259-94E3-95E7F95B2E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta6:*:*:*:*:*:*",
"matchCriteriaId": "4DCD596C-B080-4A98-BF14-57DDC370CCEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4272CD6A-E384-4035-A09A-C63927191CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta8:*:*:*:*:*:*",
"matchCriteriaId": "1D5828FA-6320-4983-AA70-ADFE9B475EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta9:*:*:*:*:*:*",
"matchCriteriaId": "6E12B75F-1820-42F9-8B7C-3024D5C37B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "31B68858-0176-4CB0-B015-256EC1796D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "41844D73-EE25-4835-A9C5-08AADDA2CE62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "52EFFE9E-6A25-4A27-B483-96AA4A7C7660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FCB9BA4F-0814-45C4-93C8-04DBFF8FC8D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "8D49B22F-8C56-4842-8DE7-36011523E150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "4B643DB4-63D2-4BA1-89B4-2EF813771718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "C4FC619B-E611-4996-A12B-37830FD5B91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "61D3DB46-02A6-4D63-B052-2458FB181DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "5083B06C-C9B2-4011-B8B0-23FECE2DD100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A03425FA-BB45-4FF4-B551-2A63129BDFC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "A9B68EA2-EBCA-4272-B43E-9C2916447869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "C609073D-30DF-42BF-B515-773205601FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "DD535324-2B5B-4535-A33B-29487F8FA4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "234EF75C-C5AA-4FAA-85C7-77EFBB35AF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB02215-E511-4974-8AE3-834CAE630D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "449D32E9-C204-4429-8DE5-9677BEC1DEFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC157F9-D90C-4457-A17B-A4DB52E92855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "856C23D9-14FC-4264-B85B-1E0D67FA73B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89C1C896-C115-451D-840A-2DE3430B6D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "464603A5-ECBE-486A-BFC9-921D0B4D39D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0A1D4E-A0C5-4063-A354-1D8782A89A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FB6DB2-E29D-48E2-A092-B9D99230C383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "06E97F97-F3E4-48F8-BC24-E88AF98B93A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCA9DB3-5F48-4078-84D2-CC65E04058F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en la funci\u00f3n demux_real_send_chunk en src/demuxers/demux_real.c en xine-lib antes de v1.1.15 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo Real Media manipulado. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
}
],
"id": "CVE-2008-5235",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-26T01:30:00.500",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31502"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30698"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2382"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-5237
Vulnerability from fkie_nvd - Published: 2008-11-26 01:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine | * | |
| xine | xine | 0.9.13 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1 | |
| xine | xine | 1.0 | |
| xine | xine | 1.0.1 | |
| xine | xine | 1.0.2 | |
| xine | xine | 1.0.3a | |
| xine | xine | 1.1.0 | |
| xine | xine | 1.1.1 | |
| xine | xine | 1.1.2 | |
| xine | xine | 1.1.3 | |
| xine | xine | 1.1.4 | |
| xine | xine | 1.1.10.1 | |
| xine | xine | 1.1.11 | |
| xine | xine | 1.1.11.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52E2289A-767D-445B-8AF5-4201E3806F78",
"versionEndIncluding": "1.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A119AB14-EDB5-4C79-9058-60E610636728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta10:*:*:*:*:*:*",
"matchCriteriaId": "44C4B2D6-DBAE-46CF-BE49-FC221B340726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta11:*:*:*:*:*:*",
"matchCriteriaId": "197D04B5-8053-484F-A070-894BC9611C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta12:*:*:*:*:*:*",
"matchCriteriaId": "B2B22E87-6736-4C5B-A1A6-A3EA0064C10D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "4F2CD2BA-DFFD-4A9C-8B09-4793BB723717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "B993E680-B4FE-4DE5-800C-1E6B7C44849A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F7100421-9BF9-4A07-AD54-C3D9CDCFBF90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta5:*:*:*:*:*:*",
"matchCriteriaId": "D6BE4F65-E942-4259-94E3-95E7F95B2E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta6:*:*:*:*:*:*",
"matchCriteriaId": "4DCD596C-B080-4A98-BF14-57DDC370CCEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4272CD6A-E384-4035-A09A-C63927191CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta8:*:*:*:*:*:*",
"matchCriteriaId": "1D5828FA-6320-4983-AA70-ADFE9B475EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:beta9:*:*:*:*:*:*",
"matchCriteriaId": "6E12B75F-1820-42F9-8B7C-3024D5C37B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc0a:*:*:*:*:*:*",
"matchCriteriaId": "31B68858-0176-4CB0-B015-256EC1796D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "41844D73-EE25-4835-A9C5-08AADDA2CE62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "52EFFE9E-6A25-4A27-B483-96AA4A7C7660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FCB9BA4F-0814-45C4-93C8-04DBFF8FC8D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3a:*:*:*:*:*:*",
"matchCriteriaId": "8D49B22F-8C56-4842-8DE7-36011523E150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3b:*:*:*:*:*:*",
"matchCriteriaId": "4B643DB4-63D2-4BA1-89B4-2EF813771718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc3c:*:*:*:*:*:*",
"matchCriteriaId": "C4FC619B-E611-4996-A12B-37830FD5B91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "61D3DB46-02A6-4D63-B052-2458FB181DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc4a:*:*:*:*:*:*",
"matchCriteriaId": "5083B06C-C9B2-4011-B8B0-23FECE2DD100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A03425FA-BB45-4FF4-B551-2A63129BDFC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc6a:*:*:*:*:*:*",
"matchCriteriaId": "A9B68EA2-EBCA-4272-B43E-9C2916447869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "C609073D-30DF-42BF-B515-773205601FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1:rc8:*:*:*:*:*:*",
"matchCriteriaId": "DD535324-2B5B-4535-A33B-29487F8FA4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "234EF75C-C5AA-4FAA-85C7-77EFBB35AF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB02215-E511-4974-8AE3-834CAE630D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "449D32E9-C204-4429-8DE5-9677BEC1DEFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC157F9-D90C-4457-A17B-A4DB52E92855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "856C23D9-14FC-4264-B85B-1E0D67FA73B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89C1C896-C115-451D-840A-2DE3430B6D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "464603A5-ECBE-486A-BFC9-921D0B4D39D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0A1D4E-A0C5-4063-A354-1D8782A89A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F2A24E4-CB4A-4D71-804F-63DA24563D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FB6DB2-E29D-48E2-A092-B9D99230C383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "06E97F97-F3E4-48F8-BC24-E88AF98B93A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCA9DB3-5F48-4078-84D2-CC65E04058F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de entero en xine-lib 1.1.12, y otros 1.1.15 y versiones anteriores, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) valores de altura y anchura manipulados que no se validan por al funci\u00f3n mymng_process_header en demux_mng.c antes de usarse en un c\u00e1lculo de asignaci\u00f3n o (2)valores current_atom_size y string_size manipulados procesados por la funci\u00f3n arse_reference_atom en demux_qt.c."
}
],
"id": "CVE-2008-5237",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-26T01:30:00.547",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33544"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44652"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-0255
Vulnerability from fkie_nvd - Published: 2007-01-16 23:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine:0.99.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB39798-F8B4-4C20-95C4-4FC5DCB0495A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017."
},
{
"lang": "es",
"value": "XINE 0.99.4 permite a atacantes remotos con la complicidad del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante ciertos ficheros M3U que contienen una linea #EXTINF larga y contiene especificadores de formato en un URI udp:// inv\u00e1lido, posiblemente una variante de CVE-2007-0017."
}
],
"id": "CVE-2007-0255",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-16T23:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/31666"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23931"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:027"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:154"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/456523/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/31666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/456523/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22252"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2230
Vulnerability from fkie_nvd - Published: 2006-05-05 19:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine:0.99.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB39798-F8B4-4C20-95C4-4FC5DCB0495A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability."
}
],
"id": "CVE-2006-2230",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-05T19:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1093"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/432598/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17769"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/432598/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26216"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1905
Vulnerability from fkie_nvd - Published: 2006-04-20 10:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xine | xine | 0.9.8 | |
| xine | xine | 0.9.13 | |
| xine | xine | 0.9.18 | |
| xine | xine | 1.0 | |
| xine | xine | 1.0.1 | |
| xine | xine | 1_alpha | |
| xine | xine | 1_beta1 | |
| xine | xine | 1_beta2 | |
| xine | xine | 1_beta3 | |
| xine | xine | 1_beta4 | |
| xine | xine | 1_beta5 | |
| xine | xine | 1_beta6 | |
| xine | xine | 1_beta7 | |
| xine | xine | 1_beta8 | |
| xine | xine | 1_beta9 | |
| xine | xine | 1_beta10 | |
| xine | xine | 1_beta11 | |
| xine | xine | 1_beta12 | |
| xine | xine | 1_rc0 | |
| xine | xine | 1_rc0a | |
| xine | xine | 1_rc1 | |
| xine | xine | 1_rc2 | |
| xine | xine | 1_rc3 | |
| xine | xine | 1_rc3a | |
| xine | xine | 1_rc3b | |
| xine | xine | 1_rc4 | |
| xine | xine | 1_rc5 | |
| xine | xine | 1_rc6 | |
| xine | xine | 1_rc6a | |
| xine | xine | 1_rc7 | |
| xine | xine | 1_rc8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BC5DCF4D-41B4-45D3-8F7C-6985A8B15888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "61348912-55CB-4789-A1ED-9CA7BF77ACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "234EF75C-C5AA-4FAA-85C7-77EFBB35AF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB02215-E511-4974-8AE3-834CAE630D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "367A04A4-10DE-4CDA-BF81-349C65213169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC260B04-C616-4A6A-9773-D535EA8A45AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "72DEB448-0F57-40FD-889E-6C8AC6920C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE750368-54FD-4CCD-AFF7-B26B3A4BA539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "58476B06-9E48-4649-8761-B32FE01BA7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "76CE8EF1-0578-4E12-A87D-832978ED484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DF434D-3BE2-4BCF-A6FC-397475830FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA95FC2-2082-4367-AD3D-0F876972E5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "005EA1B5-7717-4CBD-9D21-249A5A497D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "19A33FCB-47FE-4F2E-9043-1F13805F0F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1A9A53-860B-41CF-8BFD-4792775765E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "5246E535-1B8F-4BC1-AD1D-9BFA7BF28D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "C247EF56-6E67-41DA-8C49-C9310C42B8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc0:*:*:*:*:*:*:*",
"matchCriteriaId": "9790E7B0-E2D3-4DA5-915A-D236446E1B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E5CCDF-3472-4994-A47A-5A94D10F1C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAFC4559-D7E3-4C75-8B79-85A79067E261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "99D8D224-15C4-4D15-9A04-4A1F3E1F63B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "F469DA5D-6020-4490-B671-2CEFB151C736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "283D1C9D-00E5-456E-8E82-52963B9A07F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "56D5CAA8-B9CF-4036-9BB1-B6096A0B7A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65FB6DA-EDA1-4727-9896-6A27FAB555BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc6a:*:*:*:*:*:*:*",
"matchCriteriaId": "45DC5988-4C25-49CA-BB7C-5933EDD8F460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7B24F7-BDE5-4EE7-8141-70777B7BAFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc8:*:*:*:*:*:*:*",
"matchCriteriaId": "65ABAD66-13A3-495C-920E-5E39D1EBDB2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file."
}
],
"id": "CVE-2006-1905",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-20T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://open-security.org/advisories/16"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19671"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19854"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20066"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015959"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:085"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/24747"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/431251/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17579"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1432"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://open-security.org/advisories/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/24747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/431251/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25851"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1187
Vulnerability from fkie_nvd - Published: 2005-01-10 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD73BA0-D315-4ADA-A942-8DCC2A920B28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*",
"matchCriteriaId": "710ACCE6-B3E3-474A-B78B-5A123EC24DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*",
"matchCriteriaId": "55D3C3E6-862E-470E-8CEA-4B333B906172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "30D6A539-5523-4E52-854A-82CDCDBDFC45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "CA841B0B-8FA9-45F9-9B60-7C9BD1A92E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "91907AEA-D84F-4DD9-AD22-41E563182FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D200DE0F-D8BB-460D-928E-E59473F84B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*",
"matchCriteriaId": "5103A1E1-670A-4527-9FB8-9D8B0DA506D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "500E5BD7-3F17-455F-8463-50B145128873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE4C532-1756-4B2E-94EE-8F8253281F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6875BE-67F1-4E0E-A610-7B6EDBAB6431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E74EBC5-296E-4B20-8BCB-F104D06595AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "29A09BDA-DA05-4512-9E39-14819C410CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5650520-0CCA-47C1-A7B8-8A6129BE6B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1FAB76-B1DB-400E-9224-09E82D9A8847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D18950-F883-47D1-B95B-6F46F2F6F701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mplayer:mplayer:head_cvs:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5D1CF3-66DF-4000-BEC7-760367856891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BC5DCF4D-41B4-45D3-8F7C-6985A8B15888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "56DE52C9-2381-483F-956D-C83503EBA664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "61348912-55CB-4789-A1ED-9CA7BF77ACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "367A04A4-10DE-4CDA-BF81-349C65213169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC260B04-C616-4A6A-9773-D535EA8A45AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "72DEB448-0F57-40FD-889E-6C8AC6920C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE750368-54FD-4CCD-AFF7-B26B3A4BA539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "58476B06-9E48-4649-8761-B32FE01BA7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "76CE8EF1-0578-4E12-A87D-832978ED484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DF434D-3BE2-4BCF-A6FC-397475830FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA95FC2-2082-4367-AD3D-0F876972E5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "005EA1B5-7717-4CBD-9D21-249A5A497D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "19A33FCB-47FE-4F2E-9043-1F13805F0F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1A9A53-860B-41CF-8BFD-4792775765E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "5246E535-1B8F-4BC1-AD1D-9BFA7BF28D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "C247EF56-6E67-41DA-8C49-C9310C42B8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc0:*:*:*:*:*:*:*",
"matchCriteriaId": "9790E7B0-E2D3-4DA5-915A-D236446E1B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E5CCDF-3472-4994-A47A-5A94D10F1C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAFC4559-D7E3-4C75-8B79-85A79067E261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3544B231-8C98-42D1-A2B2-E62109BDD796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C69FEB8-DFE6-4241-9341-D8A4929F0FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "99D8D224-15C4-4D15-9A04-4A1F3E1F63B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "F469DA5D-6020-4490-B671-2CEFB151C736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "283D1C9D-00E5-456E-8E82-52963B9A07F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "56D5CAA8-B9CF-4036-9BB1-B6096A0B7A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65FB6DA-EDA1-4727-9896-6A27FAB555BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc6a:*:*:*:*:*:*:*",
"matchCriteriaId": "45DC5988-4C25-49CA-BB7C-5933EDD8F460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7B24F7-BDE5-4EE7-8141-70777B7BAFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine:1_rc8:*:*:*:*:*:*:*",
"matchCriteriaId": "65ABAD66-13A3-495C-920E-5E39D1EBDB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "B469D7A8-9CF5-4AF7-802F-E43752AF18F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C87793C-6577-4E67-BBFD-768FAF1BF88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE9819F-A620-41A6-A102-41746457753F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6474F-C678-498C-9A61-287E2FDD8B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta4:*:*:*:*:*:*:*",
"matchCriteriaId": "06402BDD-77EA-447A-8C34-E1A0F41D0628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta5:*:*:*:*:*:*:*",
"matchCriteriaId": "7387773A-81F1-464A-9489-E103C51BED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta6:*:*:*:*:*:*:*",
"matchCriteriaId": "A03194CD-2CFA-4F11-90DE-3573BA06B6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C39D002-E323-423D-8895-9179DFDF6535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta8:*:*:*:*:*:*:*",
"matchCriteriaId": "73E621C7-A5BA-4D71-9D57-4311360FF3A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta9:*:*:*:*:*:*:*",
"matchCriteriaId": "B08810F9-377D-49C4-A9A8-E2EE42EDF2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA12911-93D8-4DFE-A31C-FEB9E7F7ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta11:*:*:*:*:*:*:*",
"matchCriteriaId": "9C13E4FD-A874-4366-A426-19665B43F1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_beta12:*:*:*:*:*:*:*",
"matchCriteriaId": "75965D14-6EFC-4F1D-B343-FD593FB37048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F8891F-7FE9-44F3-95A5-282E8B3BB05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F146421-8772-4B2C-B202-097BE15F8472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8F4701-C5CC-4FBA-AFF6-5AB890306AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AF6387-6E37-4310-8893-7228DC01607E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3a:*:*:*:*:*:*:*",
"matchCriteriaId": "3295F345-26D0-4B23-848F-83CFE067EA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3b:*:*:*:*:*:*:*",
"matchCriteriaId": "D2915303-7347-4811-B7D2-5AF367081797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc3c:*:*:*:*:*:*:*",
"matchCriteriaId": "6976E802-011F-44A2-B668-F9D643FC7A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "08B7236E-DCFB-40DB-BFC8-88F8491BBD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF4423C-790B-411A-9AEC-2B36DA0140AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc6:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3AA3FD-BB0E-4164-85EB-30613900C4AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc6a:*:*:*:*:*:*:*",
"matchCriteriaId": "44D12F07-097C-4F21-9D97-AF3ABAA1C089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xine:xine-lib:1_rc7:*:*:*:*:*:*:*",
"matchCriteriaId": "74D09DD6-7878-4136-AE31-A45CF9234061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
"matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "9E661D58-18DF-4CCF-9892-F873618F4535",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188."
}
],
"id": "CVE-2004-1187",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=176\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"source": "cve@mitre.org",
"url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20\u0026r2=1.21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=176\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18640"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-5236 (GCVE-0-2008-5236)
Vulnerability from cvelistv5 – Published: 2008-11-26 01:00 – Updated: 2024-08-07 10:49
VLAI?
Summary
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:11.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31567"
},
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "xinelib-openrafile-bo(44642)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44642"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "xinelib-parseblockgroup-bo(44634)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44634"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "ADV-2008-2427",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2427"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "47744",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/47744"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31567"
},
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "xinelib-openrafile-bo(44642)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44642"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "xinelib-parseblockgroup-bo(44634)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44634"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "ADV-2008-2427",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2427"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "47744",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/47744"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31567"
},
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "xinelib-openrafile-bo(44642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44642"
},
{
"name": "33544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33544"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "xinelib-parseblockgroup-bo(44634)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44634"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "ADV-2008-2427",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2427"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "47744",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/47744"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5236",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:11.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5235 (GCVE-0-2008-5235)
Vulnerability from cvelistv5 – Published: 2008-11-26 01:00 – Updated: 2024-08-07 10:49
VLAI?
Summary
Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:11.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "30698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30698"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-03T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "30698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30698"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "30698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30698"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5235",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:11.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5238 (GCVE-0-2008-5238)
Vulnerability from cvelistv5 – Published: 2008-11-26 01:00 – Updated: 2024-08-07 10:49
VLAI?
Summary
Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "xinelib-realparsemdpr-bo(44650)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44650"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "xinelib-realparsemdpr-bo(44650)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44650"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "1020703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "xinelib-realparsemdpr-bo(44650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44650"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5238",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5237 (GCVE-0-2008-5237)
Vulnerability from cvelistv5 – Published: 2008-11-26 01:00 – Updated: 2024-08-07 10:49
VLAI?
Summary
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:11.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "xinelib-parsereferenceatom-dos(44652)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44652"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "xinelib-parsereferenceatom-dos(44652)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44652"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33544"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "xinelib-parsereferenceatom-dos(44652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44652"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5237",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:11.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0255 (GCVE-0-2007-0255)
Vulnerability from cvelistv5 – Published: 2007-01-16 23:00 – Updated: 2024-08-07 12:12
VLAI?
Summary
XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22252",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22252"
},
{
"name": "20070110 VLC Format String Vulnerability also in XINE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456523/100/0/threaded"
},
{
"name": "23931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23931"
},
{
"name": "MDKSA-2007:154",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:154"
},
{
"name": "31666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31666"
},
{
"name": "MDKSA-2007:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22252",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22252"
},
{
"name": "20070110 VLC Format String Vulnerability also in XINE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456523/100/0/threaded"
},
{
"name": "23931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23931"
},
{
"name": "MDKSA-2007:154",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:154"
},
{
"name": "31666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31666"
},
{
"name": "MDKSA-2007:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22252"
},
{
"name": "20070110 VLC Format String Vulnerability also in XINE",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456523/100/0/threaded"
},
{
"name": "23931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23931"
},
{
"name": "MDKSA-2007:154",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:154"
},
{
"name": "31666",
"refsource": "OSVDB",
"url": "http://osvdb.org/31666"
},
{
"name": "MDKSA-2007:027",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0255",
"datePublished": "2007-01-16T23:00:00",
"dateReserved": "2007-01-16T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2230 (GCVE-0-2006-2230)
Vulnerability from cvelistv5 – Published: 2006-05-05 19:00 – Updated: 2024-08-07 17:43
VLAI?
Summary
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060429 XINE format string bugs when handling non existen file",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/432598/100/0/threaded"
},
{
"name": "17769",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17769"
},
{
"name": "xine-mainc-format-string(26216)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26216"
},
{
"name": "DSA-1093",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060429 XINE format string bugs when handling non existen file",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/432598/100/0/threaded"
},
{
"name": "17769",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17769"
},
{
"name": "xine-mainc-format-string(26216)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26216"
},
{
"name": "DSA-1093",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060429 XINE format string bugs when handling non existen file",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432598/100/0/threaded"
},
{
"name": "17769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17769"
},
{
"name": "xine-mainc-format-string(26216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26216"
},
{
"name": "DSA-1093",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2230",
"datePublished": "2006-05-05T19:00:00",
"dateReserved": "2006-05-05T00:00:00",
"dateUpdated": "2024-08-07T17:43:28.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1905 (GCVE-0-2006-1905)
Vulnerability from cvelistv5 – Published: 2006-04-20 10:00 – Updated: 2024-08-07 17:27
VLAI?
Summary
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200604-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://open-security.org/advisories/16"
},
{
"name": "1015959",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015959"
},
{
"name": "19854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19854"
},
{
"name": "20060418 Remote Xine Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431251/100/0/threaded"
},
{
"name": "19671",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19671"
},
{
"name": "ADV-2006-1432",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1432"
},
{
"name": "24747",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24747"
},
{
"name": "17579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17579"
},
{
"name": "MDKSA-2006:085",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:085"
},
{
"name": "20066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20066"
},
{
"name": "SUSE-SA:2006:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"name": "xine-playlist-format-string(25851)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25851"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200604-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://open-security.org/advisories/16"
},
{
"name": "1015959",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015959"
},
{
"name": "19854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19854"
},
{
"name": "20060418 Remote Xine Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431251/100/0/threaded"
},
{
"name": "19671",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19671"
},
{
"name": "ADV-2006-1432",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1432"
},
{
"name": "24747",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24747"
},
{
"name": "17579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17579"
},
{
"name": "MDKSA-2006:085",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:085"
},
{
"name": "20066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20066"
},
{
"name": "SUSE-SA:2006:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"name": "xine-playlist-format-string(25851)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25851"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200604-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml"
},
{
"name": "http://open-security.org/advisories/16",
"refsource": "MISC",
"url": "http://open-security.org/advisories/16"
},
{
"name": "1015959",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015959"
},
{
"name": "19854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19854"
},
{
"name": "20060418 Remote Xine Format String Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431251/100/0/threaded"
},
{
"name": "19671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19671"
},
{
"name": "ADV-2006-1432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1432"
},
{
"name": "24747",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24747"
},
{
"name": "17579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17579"
},
{
"name": "MDKSA-2006:085",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:085"
},
{
"name": "20066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20066"
},
{
"name": "SUSE-SA:2006:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"name": "xine-playlist-format-string(25851)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25851"
},
{
"name": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1905",
"datePublished": "2006-04-20T10:00:00",
"dateReserved": "2006-04-20T00:00:00",
"dateUpdated": "2024-08-07T17:27:29.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1951 (GCVE-0-2004-1951)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:07
VLAI?
Summary
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"name": "10193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10193"
},
{
"name": "xine-mrl-file-overwrite(15939)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
},
{
"name": "SSA:2004-111",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"name": "GLSA-200404-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"name": "5739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5739"
},
{
"name": "5594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"name": "10193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10193"
},
{
"name": "xine-mrl-file-overwrite(15939)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
},
{
"name": "SSA:2004-111",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"name": "GLSA-200404-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"name": "5739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5739"
},
{
"name": "5594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11433"
},
{
"name": "http://www.xinehq.de/index.php/security/XSA-2004-1",
"refsource": "CONFIRM",
"url": "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"name": "10193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10193"
},
{
"name": "xine-mrl-file-overwrite(15939)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
},
{
"name": "SSA:2004-111",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791"
},
{
"name": "http://www.xinehq.de/index.php/security/XSA-2004-2",
"refsource": "CONFIRM",
"url": "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"name": "GLSA-200404-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"name": "5739",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5739"
},
{
"name": "5594",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1951",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1476 (GCVE-0-2004-1476)
Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"name": "xine-videocd-disk-bo(17431)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"name": "xine-videocd-disk-bo(17431)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11206"
},
{
"name": "http://xinehq.de/index.php/security/XSA-2004-4",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"name": "xine-videocd-disk-bo(17431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1476",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1475 (GCVE-0-2004-1475)
Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "xine-subtitle-bo(17432)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432"
},
{
"name": "GLSA-200408-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200408-18.xml"
},
{
"name": "xine-videocd-mrl-bo(17430)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "xine-subtitle-bo(17432)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432"
},
{
"name": "GLSA-200408-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200408-18.xml"
},
{
"name": "xine-videocd-mrl-bo(17430)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11206"
},
{
"name": "http://xinehq.de/index.php/security/XSA-2004-4",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "xine-subtitle-bo(17432)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432"
},
{
"name": "GLSA-200408-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200408-18.xml"
},
{
"name": "xine-videocd-mrl-bo(17430)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430"
},
{
"name": "GLSA-200409-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1475",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1379 (GCVE-0-2004-1379)
Vulnerability from cvelistv5 – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:46
VLAI?
Summary
Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xine-dvd-subpicture-bo(17423)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423"
},
{
"name": "SSA:2004-266",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-5"
},
{
"name": "DSA-657",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-657"
},
{
"name": "11205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11205"
},
{
"name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xine-dvd-subpicture-bo(17423)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423"
},
{
"name": "SSA:2004-266",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-5"
},
{
"name": "DSA-657",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-657"
},
{
"name": "11205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11205"
},
{
"name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xine-dvd-subpicture-bo(17423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423"
},
{
"name": "SSA:2004-266",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308"
},
{
"name": "http://xinehq.de/index.php/security/XSA-2004-5",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/security/XSA-2004-5"
},
{
"name": "DSA-657",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-657"
},
{
"name": "11205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11205"
},
{
"name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"name": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html",
"refsource": "CONFIRM",
"url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1379",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-19T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5236 (GCVE-0-2008-5236)
Vulnerability from nvd – Published: 2008-11-26 01:00 – Updated: 2024-08-07 10:49
VLAI?
Summary
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:11.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31567"
},
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "xinelib-openrafile-bo(44642)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44642"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "xinelib-parseblockgroup-bo(44634)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44634"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "ADV-2008-2427",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2427"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "47744",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/47744"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31567"
},
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "xinelib-openrafile-bo(44642)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44642"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "xinelib-parseblockgroup-bo(44634)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44634"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "ADV-2008-2427",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2427"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "47744",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/47744"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31567"
},
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "xinelib-openrafile-bo(44642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44642"
},
{
"name": "33544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33544"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "xinelib-parseblockgroup-bo(44634)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44634"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "ADV-2008-2427",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2427"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "47744",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/47744"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5236",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:11.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5235 (GCVE-0-2008-5235)
Vulnerability from nvd – Published: 2008-11-26 01:00 – Updated: 2024-08-07 10:49
VLAI?
Summary
Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:11.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "30698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30698"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-03T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "30698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30698"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "31502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31502"
},
{
"name": "ADV-2008-2382",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "30698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30698"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5235",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:11.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5238 (GCVE-0-2008-5238)
Vulnerability from nvd – Published: 2008-11-26 01:00 – Updated: 2024-08-07 10:49
VLAI?
Summary
Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "xinelib-realparsemdpr-bo(44650)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44650"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "1020703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "xinelib-realparsemdpr-bo(44650)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44650"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "1020703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020703"
},
{
"name": "xinelib-realparsemdpr-bo(44650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44650"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5238",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5237 (GCVE-0-2008-5237)
Vulnerability from nvd – Published: 2008-11-26 01:00 – Updated: 2024-08-07 10:49
VLAI?
Summary
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:11.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "xinelib-parsereferenceatom-dos(44652)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44652"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33544"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "xinelib-parsereferenceatom-dos(44652)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44652"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30797"
},
{
"name": "33544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33544"
},
{
"name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
"refsource": "MISC",
"url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
},
{
"name": "4648",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4648"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "xinelib-parsereferenceatom-dos(44652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44652"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5237",
"datePublished": "2008-11-26T01:00:00",
"dateReserved": "2008-11-25T00:00:00",
"dateUpdated": "2024-08-07T10:49:11.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0255 (GCVE-0-2007-0255)
Vulnerability from nvd – Published: 2007-01-16 23:00 – Updated: 2024-08-07 12:12
VLAI?
Summary
XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22252",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22252"
},
{
"name": "20070110 VLC Format String Vulnerability also in XINE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456523/100/0/threaded"
},
{
"name": "23931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23931"
},
{
"name": "MDKSA-2007:154",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:154"
},
{
"name": "31666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31666"
},
{
"name": "MDKSA-2007:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22252",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22252"
},
{
"name": "20070110 VLC Format String Vulnerability also in XINE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456523/100/0/threaded"
},
{
"name": "23931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23931"
},
{
"name": "MDKSA-2007:154",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:154"
},
{
"name": "31666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31666"
},
{
"name": "MDKSA-2007:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22252"
},
{
"name": "20070110 VLC Format String Vulnerability also in XINE",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456523/100/0/threaded"
},
{
"name": "23931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23931"
},
{
"name": "MDKSA-2007:154",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:154"
},
{
"name": "31666",
"refsource": "OSVDB",
"url": "http://osvdb.org/31666"
},
{
"name": "MDKSA-2007:027",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0255",
"datePublished": "2007-01-16T23:00:00",
"dateReserved": "2007-01-16T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2230 (GCVE-0-2006-2230)
Vulnerability from nvd – Published: 2006-05-05 19:00 – Updated: 2024-08-07 17:43
VLAI?
Summary
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060429 XINE format string bugs when handling non existen file",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/432598/100/0/threaded"
},
{
"name": "17769",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17769"
},
{
"name": "xine-mainc-format-string(26216)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26216"
},
{
"name": "DSA-1093",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060429 XINE format string bugs when handling non existen file",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/432598/100/0/threaded"
},
{
"name": "17769",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17769"
},
{
"name": "xine-mainc-format-string(26216)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26216"
},
{
"name": "DSA-1093",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060429 XINE format string bugs when handling non existen file",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432598/100/0/threaded"
},
{
"name": "17769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17769"
},
{
"name": "xine-mainc-format-string(26216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26216"
},
{
"name": "DSA-1093",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2230",
"datePublished": "2006-05-05T19:00:00",
"dateReserved": "2006-05-05T00:00:00",
"dateUpdated": "2024-08-07T17:43:28.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1905 (GCVE-0-2006-1905)
Vulnerability from nvd – Published: 2006-04-20 10:00 – Updated: 2024-08-07 17:27
VLAI?
Summary
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200604-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://open-security.org/advisories/16"
},
{
"name": "1015959",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015959"
},
{
"name": "19854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19854"
},
{
"name": "20060418 Remote Xine Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431251/100/0/threaded"
},
{
"name": "19671",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19671"
},
{
"name": "ADV-2006-1432",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1432"
},
{
"name": "24747",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24747"
},
{
"name": "17579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17579"
},
{
"name": "MDKSA-2006:085",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:085"
},
{
"name": "20066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20066"
},
{
"name": "SUSE-SA:2006:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"name": "xine-playlist-format-string(25851)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25851"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200604-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://open-security.org/advisories/16"
},
{
"name": "1015959",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015959"
},
{
"name": "19854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19854"
},
{
"name": "20060418 Remote Xine Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431251/100/0/threaded"
},
{
"name": "19671",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19671"
},
{
"name": "ADV-2006-1432",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1432"
},
{
"name": "24747",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24747"
},
{
"name": "17579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17579"
},
{
"name": "MDKSA-2006:085",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:085"
},
{
"name": "20066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20066"
},
{
"name": "SUSE-SA:2006:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"name": "xine-playlist-format-string(25851)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25851"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200604-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml"
},
{
"name": "http://open-security.org/advisories/16",
"refsource": "MISC",
"url": "http://open-security.org/advisories/16"
},
{
"name": "1015959",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015959"
},
{
"name": "19854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19854"
},
{
"name": "20060418 Remote Xine Format String Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431251/100/0/threaded"
},
{
"name": "19671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19671"
},
{
"name": "ADV-2006-1432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1432"
},
{
"name": "24747",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24747"
},
{
"name": "17579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17579"
},
{
"name": "MDKSA-2006:085",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:085"
},
{
"name": "20066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20066"
},
{
"name": "SUSE-SA:2006:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"name": "xine-playlist-format-string(25851)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25851"
},
{
"name": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=15429845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1905",
"datePublished": "2006-04-20T10:00:00",
"dateReserved": "2006-04-20T00:00:00",
"dateUpdated": "2024-08-07T17:27:29.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1951 (GCVE-0-2004-1951)
Vulnerability from nvd – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:07
VLAI?
Summary
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"name": "10193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10193"
},
{
"name": "xine-mrl-file-overwrite(15939)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
},
{
"name": "SSA:2004-111",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"name": "GLSA-200404-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"name": "5739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5739"
},
{
"name": "5594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"name": "10193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10193"
},
{
"name": "xine-mrl-file-overwrite(15939)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
},
{
"name": "SSA:2004-111",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"name": "GLSA-200404-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"name": "5739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5739"
},
{
"name": "5594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11433"
},
{
"name": "http://www.xinehq.de/index.php/security/XSA-2004-1",
"refsource": "CONFIRM",
"url": "http://www.xinehq.de/index.php/security/XSA-2004-1"
},
{
"name": "10193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10193"
},
{
"name": "xine-mrl-file-overwrite(15939)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15939"
},
{
"name": "SSA:2004-111",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.372791"
},
{
"name": "http://www.xinehq.de/index.php/security/XSA-2004-2",
"refsource": "CONFIRM",
"url": "http://www.xinehq.de/index.php/security/XSA-2004-2"
},
{
"name": "GLSA-200404-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200404-20.xml"
},
{
"name": "5739",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5739"
},
{
"name": "5594",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1951",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1476 (GCVE-0-2004-1476)
Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"name": "xine-videocd-disk-bo(17431)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"name": "xine-videocd-disk-bo(17431)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11206"
},
{
"name": "http://xinehq.de/index.php/security/XSA-2004-4",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"name": "xine-videocd-disk-bo(17431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1476",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1475 (GCVE-0-2004-1475)
Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "xine-subtitle-bo(17432)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432"
},
{
"name": "GLSA-200408-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200408-18.xml"
},
{
"name": "xine-videocd-mrl-bo(17430)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "xine-subtitle-bo(17432)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432"
},
{
"name": "GLSA-200408-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200408-18.xml"
},
{
"name": "xine-videocd-mrl-bo(17430)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11206"
},
{
"name": "http://xinehq.de/index.php/security/XSA-2004-4",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/security/XSA-2004-4"
},
{
"name": "20040907 XSA-2004-4: multiple string overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0"
},
{
"name": "xine-subtitle-bo(17432)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17432"
},
{
"name": "GLSA-200408-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200408-18.xml"
},
{
"name": "xine-videocd-mrl-bo(17430)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17430"
},
{
"name": "GLSA-200409-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1475",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1379 (GCVE-0-2004-1379)
Vulnerability from nvd – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:46
VLAI?
Summary
Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xine-dvd-subpicture-bo(17423)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423"
},
{
"name": "SSA:2004-266",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-5"
},
{
"name": "DSA-657",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-657"
},
{
"name": "11205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11205"
},
{
"name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xine-dvd-subpicture-bo(17423)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423"
},
{
"name": "SSA:2004-266",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xinehq.de/index.php/security/XSA-2004-5"
},
{
"name": "DSA-657",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-657"
},
{
"name": "11205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11205"
},
{
"name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xine-dvd-subpicture-bo(17423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17423"
},
{
"name": "SSA:2004-266",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.320308"
},
{
"name": "http://xinehq.de/index.php/security/XSA-2004-5",
"refsource": "CONFIRM",
"url": "http://xinehq.de/index.php/security/XSA-2004-5"
},
{
"name": "DSA-657",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-657"
},
{
"name": "11205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11205"
},
{
"name": "20040906 XSA-2004-5: heap overflow in DVD subpicture decoder",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0"
},
{
"name": "GLSA-200409-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml"
},
{
"name": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html",
"refsource": "CONFIRM",
"url": "http://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1379",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-19T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}