Shodan
Vulnerabilities
Vulnerable Software
Xine:  >> Xine-Lib  >> 1.0.2  Security Vulnerabilities
CVE-2008-5247
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.
CVSS Score
4.3
EPSS Score
0.01
Published
2008-11-26
CVE-2008-5248
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
CVSS Score
4.3
EPSS Score
0.006
Published
2008-11-26
CVE-2008-3231
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.
CVSS Score
4.3
EPSS Score
0.017
Published
2008-07-18
CVE-2008-1686
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
CVSS Score
9.3
EPSS Score
0.061
Published
2008-04-08
CVE-2006-4799
Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
CVSS Score
7.5
EPSS Score
0.015
Published
2006-09-14
CVE-2006-2802
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
CVSS Score
5.0
EPSS Score
0.087
Published
2006-06-03
CVE-2006-1664
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
CVSS Score
7.5
EPSS Score
0.071
Published
2006-04-07
CVE-2005-2967
Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.
CVSS Score
7.5
EPSS Score
0.1
Published
2005-10-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved