VYPR

Xine UI

by Xine

CVEs (5)

  • CVE-2006-2230May 5, 2006
    risk 0.04cvss epss 0.07

    Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition,…

  • CVE-2004-1951Dec 31, 2004
    risk 0.04cvss epss 0.08

    xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.

  • CVE-2007-0254Jan 16, 2007
    risk 0.00cvss epss 0.03

    Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.

  • CVE-2004-1187Jan 10, 2005
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.

  • CVE-2004-0372Apr 15, 2004
    risk 0.00cvss epss 0.00

    xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.