Show filters
41 Total Results
Displaying 21-30 of 41
Sort by:
Attacker Value
Unknown
CVE-2008-1686
Disclosure Date: April 08, 2008 (last updated October 04, 2023)
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
0
Attacker Value
Unknown
CVE-2008-0073
Disclosure Date: March 24, 2008 (last updated October 04, 2023)
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
0
Attacker Value
Unknown
CVE-2008-1482
Disclosure Date: March 24, 2008 (last updated October 04, 2023)
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
0
Attacker Value
Unknown
CVE-2008-0486
Disclosure Date: February 05, 2008 (last updated October 04, 2023)
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
0
Attacker Value
Unknown
CVE-2006-4799
Disclosure Date: September 14, 2006 (last updated October 04, 2023)
Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
0
Attacker Value
Unknown
CVE-2006-2200
Disclosure Date: June 28, 2006 (last updated October 04, 2023)
Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.
0
Attacker Value
Unknown
CVE-2006-2802
Disclosure Date: June 03, 2006 (last updated October 04, 2023)
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
0
Attacker Value
Unknown
CVE-2006-1905
Disclosure Date: April 20, 2006 (last updated October 04, 2023)
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
0
Attacker Value
Unknown
CVE-2006-1664
Disclosure Date: April 07, 2006 (last updated February 22, 2025)
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
0
Attacker Value
Unknown
CVE-2005-2967
Disclosure Date: October 14, 2005 (last updated February 22, 2025)
Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.
0
