VYPR
Vendor

Xine

xine is a multimedia playback engine for Unix-like operating systems released under the GNU General Public License. xine is built around a shared library (xine-lib) that supports different frontend player applications. xine uses libraries from other projects such as liba52, libmpeg2, FFmpeg, libmad, FAAD2, and Ogle. xine can also use binary Windows codecs through a wrapper, bundled as the w32codecs, for playback of some media formats that are not handled natively.

Founded 2000
Products
8
CVEs
55
Across products
63
Status
Private

Products

8

Recent CVEs

55
View all 55 CVEs →
  • CVE-2008-1878Apr 17, 2008
    risk 0.04cvss epss 0.15

    Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.

  • CVE-2008-1482Mar 24, 2008
    risk 0.04cvss epss 0.10

    Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an…

  • CVE-2008-0073Mar 24, 2008
    risk 0.04cvss epss 0.09

    Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

  • CVE-2008-1110Feb 29, 2008
    risk 0.04cvss epss 0.10

    Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an…

  • CVE-2008-0225Jan 10, 2008
    risk 0.04cvss epss 0.15

    Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to…

  • CVE-2006-2802Jun 3, 2006
    risk 0.04cvss epss 0.11

    Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.

  • CVE-2006-2230May 5, 2006
    risk 0.04cvss epss 0.07

    Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition,…

  • CVE-2006-1905Apr 20, 2006
    risk 0.04cvss epss 0.14

    Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.

  • CVE-2006-1664Apr 7, 2006
    risk 0.04cvss epss 0.15

    Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

  • CVE-2005-2967Oct 14, 2005
    risk 0.04cvss epss 0.10

    Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.

  • CVE-2004-1300Jan 10, 2005
    risk 0.04cvss epss 0.09

    Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.

  • CVE-2004-1951Dec 31, 2004
    risk 0.04cvss epss 0.08

    xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.

  • CVE-2004-1475Dec 31, 2004
    risk 0.04cvss epss 0.08

    Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.

  • CVE-2008-1161Mar 10, 2008
    risk 0.01cvss epss 0.07

    Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.

  • CVE-2009-1274Apr 8, 2009
    risk 0.00cvss epss 0.05

    Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.

  • CVE-2009-0698Feb 23, 2009
    risk 0.00cvss epss 0.04

    Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.

  • CVE-2008-5248Nov 26, 2008
    risk 0.00cvss epss 0.01

    xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."

  • CVE-2008-5247Nov 26, 2008
    risk 0.00cvss epss 0.02

    The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash)…

  • CVE-2008-5246Nov 26, 2008
    risk 0.00cvss epss 0.06

    Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is…

  • CVE-2008-5245Nov 26, 2008
    risk 0.00cvss epss 0.02

    xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.