Xine: >> Xine-Lib >> 1.1.13 Security Vulnerabilities
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
9.3
EPSS Score
0.043
Published
2008-11-26
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.
CVSS Score
4.3
EPSS Score
0.01
Published
2008-11-26
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
CVSS Score
4.3
EPSS Score
0.006
Published
2008-11-26
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
CVSS Score
4.3
EPSS Score
0.02
Published
2008-07-18
Page 2