Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.
Max CVSS
5.0
EPSS Score
12.07%
Published
2009-04-08
Updated
2018-10-10
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
Max CVSS
4.3
EPSS Score
0.69%
Published
2008-11-26
Updated
2009-11-24
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.
Max CVSS
4.3
EPSS Score
2.22%
Published
2008-11-26
Updated
2018-10-11
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
9.3
EPSS Score
10.73%
Published
2008-11-26
Updated
2017-08-08
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.
Max CVSS
9.3
EPSS Score
0.23%
Published
2008-11-26
Updated
2017-08-08
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.
Max CVSS
10.0
EPSS Score
0.27%
Published
2008-11-26
Updated
2009-02-20
The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to "reindex into an allocated buffer," which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error.
Max CVSS
4.3
EPSS Score
25.71%
Published
2008-11-26
Updated
2018-10-11
demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
Max CVSS
6.8
EPSS Score
2.75%
Published
2008-11-26
Updated
2018-10-11
Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of service (crash) via a crafted media file that results in a small value of moov_atom_size in a compressed MOV (aka CMOV_ATOM).
Max CVSS
4.3
EPSS Score
1.81%
Published
2008-11-26
Updated
2018-10-11
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value.
Max CVSS
4.3
EPSS Score
4.26%
Published
2008-11-26
Updated
2018-10-11
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15.
Max CVSS
9.3
EPSS Score
9.57%
Published
2008-11-26
Updated
2018-10-11
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file.
Max CVSS
4.3
EPSS Score
2.80%
Published
2008-11-26
Updated
2018-10-11
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
Max CVSS
4.3
EPSS Score
6.18%
Published
2008-07-18
Updated
2017-08-08
13 vulnerabilities found