Xine: >> Xine-Lib >> 1.1.9.1 Security Vulnerabilities
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.
CVSS Score
4.3
EPSS Score
0.01
Published
2008-11-26
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
CVSS Score
4.3
EPSS Score
0.006
Published
2008-11-26
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
CVSS Score
4.3
EPSS Score
0.017
Published
2008-07-18
Page 2