cvelistv5 - cve-2006-1664

CVE-2006-1664 (GCVE-0-2006-1664)

Vulnerability from cvelistv5 – Published: 2006-04-07 10:00 – Updated: 2024-08-07 17:19

Summary

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/19856	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/28666	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/data/vulnerabilities…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/19853	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/17370	vdb-entryx_refsource_BID
	http://bugs.gentoo.org/show_bug.cgi?id=128838	x_refsource_CONFIRM
	http://securitytracker.com/id?1015868	vdb-entryx_refsource_SECTRACK
	http://sourceforge.net/project/shownotes.php?grou…	x_refsource_MISC
	https://www.exploit-db.com/exploits/1641	exploitx_refsource_EXPLOIT-DB
	http://www.gentoo.org/security/en/glsa/glsa-20060…	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:19:49.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19856",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19856"
          },
          {
            "name": "28666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28666"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
          },
          {
            "name": "xinelib-mpeg-bo(25670)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
          },
          {
            "name": "FEDORA-2008-1047",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
          },
          {
            "name": "FEDORA-2008-1043",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
          },
          {
            "name": "19853",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19853"
          },
          {
            "name": "17370",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17370"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
          },
          {
            "name": "1015868",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015868"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
          },
          {
            "name": "1641",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/1641"
          },
          {
            "name": "GLSA-200604-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-18T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19856",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19856"
        },
        {
          "name": "28666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28666"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
        },
        {
          "name": "xinelib-mpeg-bo(25670)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
        },
        {
          "name": "FEDORA-2008-1047",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
        },
        {
          "name": "FEDORA-2008-1043",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
        },
        {
          "name": "19853",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19853"
        },
        {
          "name": "17370",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17370"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
        },
        {
          "name": "1015868",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015868"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
        },
        {
          "name": "1641",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/1641"
        },
        {
          "name": "GLSA-200604-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1664",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19856",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19856"
            },
            {
              "name": "28666",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28666"
            },
            {
              "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
            },
            {
              "name": "xinelib-mpeg-bo(25670)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
            },
            {
              "name": "FEDORA-2008-1047",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
            },
            {
              "name": "FEDORA-2008-1043",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
            },
            {
              "name": "19853",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19853"
            },
            {
              "name": "17370",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17370"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=128838",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
            },
            {
              "name": "1015868",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015868"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608",
              "refsource": "MISC",
              "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
            },
            {
              "name": "1641",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/1641"
            },
            {
              "name": "GLSA-200604-16",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1664",
    "datePublished": "2006-04-07T10:00:00",
    "dateReserved": "2006-04-07T00:00:00",
    "dateUpdated": "2024-08-07T17:19:49.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8D402CB-4DED-4525-AF38-B5EC73C39E55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A905719D-4520-4374-B3A7-55034728B85C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2899EF34-824B-4893-8636-64A83EC5885B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EB8D295-B589-4E88-8FEE-DDD1591D9189\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAB10333-6C25-4359-BB3F-D76468170825\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2377493B-8CC0-414B-AA5F-B7777C852195\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.\"}]",
      "id": "CVE-2006-1664",
      "lastModified": "2024-11-21T00:09:25.873",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-04-07T10:04:00.000",
      "references": "[{\"url\": \"http://bugs.gentoo.org/show_bug.cgi?id=128838\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/19853\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/19856\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28666\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1015868\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/17370\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25670\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/1641\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://bugs.gentoo.org/show_bug.cgi?id=128838\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19853\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19856\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28666\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1015868\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/17370\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25670\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/1641\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-1664\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-04-07T10:04:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8D402CB-4DED-4525-AF38-B5EC73C39E55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A905719D-4520-4374-B3A7-55034728B85C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2899EF34-824B-4893-8636-64A83EC5885B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EB8D295-B589-4E88-8FEE-DDD1591D9189\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAB10333-6C25-4359-BB3F-D76468170825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2377493B-8CC0-414B-AA5F-B7777C852195\"}]}]}],\"references\":[{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=128838\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19853\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19856\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28666\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015868\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17370\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25670\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/1641\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=128838\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19853\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19856\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28666\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015868\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17370\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25670\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/1641\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2006-1664

Vulnerability from fkie_nvd - Published: 2006-04-07 10:04 - Updated: 2025-04-03 01:03

Severity ?

Summary

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

References

URL	Tags
cve@mitre.org	http://bugs.gentoo.org/show_bug.cgi?id=128838
cve@mitre.org	http://secunia.com/advisories/19853
cve@mitre.org	http://secunia.com/advisories/19856
cve@mitre.org	http://secunia.com/advisories/28666
cve@mitre.org	http://securitytracker.com/id?1015868
cve@mitre.org	http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml
cve@mitre.org	http://www.securityfocus.com/bid/17370
cve@mitre.org	http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/25670
cve@mitre.org	https://www.exploit-db.com/exploits/1641
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html
af854a3a-2127-422b-91ae-364da2661108	http://bugs.gentoo.org/show_bug.cgi?id=128838
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19853
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19856
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28666
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015868
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17370
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25670
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/1641
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html

Impacted products

Vendor	Product	Version
xine	xine-lib	0.9.13
xine	xine-lib	1.0
xine	xine-lib	1.0.1
xine	xine-lib	1.0.2
xine	xine-lib	1.0.3a
xine	xine-lib	1.1.0
xine	xine-lib	1.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream."
    }
  ],
  "id": "CVE-2006-1664",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-07T10:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19853"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19856"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28666"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015868"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17370"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/1641"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/1641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9WRH-G7C2-FV5F

Vulnerability from github – Published: 2022-05-01 06:51 – Updated: 2022-05-01 06:51

Details

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-1664"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-04-07T10:04:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.",
  "id": "GHSA-9wrh-g7c2-fv5f",
  "modified": "2022-05-01T06:51:40Z",
  "published": "2022-05-01T06:51:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1664"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/1641"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19853"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19856"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28666"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015868"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17370"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2006-1664

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

Aliases

CVE-2006-1664

Aliases

CVE-2006-1664

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-1664",
    "description": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.",
    "id": "GSD-2006-1664",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-1664.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-1664"
      ],
      "details": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.",
      "id": "GSD-2006-1664",
      "modified": "2023-12-13T01:19:55.241265Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-1664",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "19856",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19856"
          },
          {
            "name": "28666",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28666"
          },
          {
            "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
          },
          {
            "name": "xinelib-mpeg-bo(25670)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
          },
          {
            "name": "FEDORA-2008-1047",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
          },
          {
            "name": "FEDORA-2008-1043",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
          },
          {
            "name": "19853",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19853"
          },
          {
            "name": "17370",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17370"
          },
          {
            "name": "http://bugs.gentoo.org/show_bug.cgi?id=128838",
            "refsource": "CONFIRM",
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
          },
          {
            "name": "1015868",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015868"
          },
          {
            "name": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608",
            "refsource": "MISC",
            "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
          },
          {
            "name": "1641",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/1641"
          },
          {
            "name": "GLSA-200604-16",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1664"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"
            },
            {
              "name": "17370",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17370"
            },
            {
              "name": "1015868",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015868"
            },
            {
              "name": "GLSA-200604-16",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
            },
            {
              "name": "19853",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19853"
            },
            {
              "name": "19856",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19856"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608",
              "refsource": "MISC",
              "tags": [],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=9655\u0026release_id=571608"
            },
            {
              "name": "FEDORA-2008-1043",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"
            },
            {
              "name": "FEDORA-2008-1047",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"
            },
            {
              "name": "28666",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28666"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=128838",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"
            },
            {
              "name": "xinelib-mpeg-bo(25670)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"
            },
            {
              "name": "1641",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/1641"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-10-19T01:29Z",
      "publishedDate": "2006-04-07T10:04Z"
    }
  }
}

CERTA-2006-AVI-175

Vulnerability from certfr_avis - Published: - Updated:

None

Description

La bibliothèque xine-lib fournit un ensemble de fonctions permettant de construire un lecteur multimedia. Parmi les produits pouvant employer cette bibliothèque on trouve xine, gxine, les composants du bureau KDE kdemultimedia... Une vulnérabilité dans la gestion par xine-lib des fichiers de type MPEG permet à un utilisateur mal intentionné de réaliser un débordement de mémoire et ainsi d'exécuter du code arbitraire sur la machine vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Tout système avec un lecteur multimedia utilisant la bibliothèque xine-lib en version 1.1.1 ou toute version antérieure.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Gentoo GLSA 200604-16 du 26 avril 2006	None	vendor-advisory
Site Internet de xine :	-	other
Bulletin de sécurité Gentoo GLSA-200604-16 du 26 avril 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eTout syst\u00e8me avec un lecteur multimedia  utilisant la biblioth\u00e8que \u003cTT\u003exine-lib\u003c/TT\u003e en version 1.1.1 ou  toute version ant\u00e9rieure.\u003c/p\u003e",
  "content": "## Description\n\nLa biblioth\u00e8que xine-lib fournit un ensemble de fonctions permettant de\nconstruire un lecteur multimedia. Parmi les produits pouvant employer\ncette biblioth\u00e8que on trouve xine, gxine, les composants du bureau KDE\nkdemultimedia... Une vuln\u00e9rabilit\u00e9 dans la gestion par xine-lib des\nfichiers de type MPEG permet \u00e0 un utilisateur mal intentionn\u00e9 de\nr\u00e9aliser un d\u00e9bordement de m\u00e9moire et ainsi d\u0027ex\u00e9cuter du code\narbitraire sur la machine vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-1664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1664"
    }
  ],
  "links": [
    {
      "title": "Site Internet de xine :",
      "url": "http://xinehq.de"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200604-16 du 26 avril 2006    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
    }
  ],
  "reference": "CERTA-2006-AVI-175",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-04-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de la biblioth\u00e8que multimedia xine-lib",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200604-16 du 26 avril 2006",
      "url": null
    }
  ]
}

CERTA-2006-AVI-175

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Tout système avec un lecteur multimedia utilisant la bibliothèque xine-lib en version 1.1.1 ou toute version antérieure.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Gentoo GLSA 200604-16 du 26 avril 2006	None	vendor-advisory
Site Internet de xine :	-	other
Bulletin de sécurité Gentoo GLSA-200604-16 du 26 avril 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eTout syst\u00e8me avec un lecteur multimedia  utilisant la biblioth\u00e8que \u003cTT\u003exine-lib\u003c/TT\u003e en version 1.1.1 ou  toute version ant\u00e9rieure.\u003c/p\u003e",
  "content": "## Description\n\nLa biblioth\u00e8que xine-lib fournit un ensemble de fonctions permettant de\nconstruire un lecteur multimedia. Parmi les produits pouvant employer\ncette biblioth\u00e8que on trouve xine, gxine, les composants du bureau KDE\nkdemultimedia... Une vuln\u00e9rabilit\u00e9 dans la gestion par xine-lib des\nfichiers de type MPEG permet \u00e0 un utilisateur mal intentionn\u00e9 de\nr\u00e9aliser un d\u00e9bordement de m\u00e9moire et ainsi d\u0027ex\u00e9cuter du code\narbitraire sur la machine vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-1664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1664"
    }
  ],
  "links": [
    {
      "title": "Site Internet de xine :",
      "url": "http://xinehq.de"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200604-16 du 26 avril 2006    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"
    }
  ],
  "reference": "CERTA-2006-AVI-175",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-04-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de la biblioth\u00e8que multimedia xine-lib",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200604-16 du 26 avril 2006",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-1664 (GCVE-0-2006-1664)

FKIE_CVE-2006-1664

GHSA-9WRH-G7C2-FV5F

GSD-2006-1664

CERTA-2006-AVI-175

Description

Solution

CERTA-2006-AVI-175

Description

Solution

Tags

Sightings

Nomenclature