MidnightBSD

Advisories for xine

CVE-2004-0372 LOW

xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine 1_beta7
xine xine 1_rc0a
xine xine 1_rc2
xine xine 1_rc3
xine xine 1_beta3
xine xine 1_beta12
xine xine 1_beta1
xine xine 1_beta6
xine xine 1_rc3a
xine xine 1_beta4
xine xine 1_beta11
xine xine 1_rc3b
xine xine 1_beta2
xine xine 0.9.13
xine xine 1_beta10
xine xine 1_rc1
xine xine 1_beta9
xine xine 1_beta5
xine xine 1_beta8
CVE-2004-0433 HIGH

Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine-lib 1_beta5
xine xine-lib 1_rc3a
xine xine-lib 1_beta11
xine xine-lib 1_beta8
xine xine-lib 1_beta1
xine xine-lib 1_beta4
mplayer mplayer 1.0_pre3try2
xine xine-lib 1_rc3b
xine xine-lib 1_beta10
xine xine-lib 1_beta3
xine xine-lib 1_rc2
xine xine-lib 1_beta6
xine xine-lib 1_beta7
xine xine-lib 1_beta2
xine xine-lib 1_beta9
xine xine-lib 1_rc3c
CVE-2004-1034 HIGH

Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kaffeine kaffeine_player 0.5_rc1
xine gxine 0.3
kaffeine kaffeine_player 0.4.3
gentoo linux *
kaffeine kaffeine_player 0.4.2
kaffeine kaffeine_player 0.4.3b
CVE-2004-1187 HIGH

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine 1_beta7
mplayer mplayer 1.0_pre4
xine xine 1_beta6
mandrakesoft mandrake_linux 10.1
xine xine 1_rc6a
xine xine 1_rc0
mplayer mplayer 1.0_pre5try2
xine xine 1_beta11
xine xine-lib 1_alpha
xine xine-lib 1_rc1
xine xine-lib 1_beta3
xine xine 1_beta10
xine xine 1_alpha
mplayer mplayer 0.90_pre
xine xine-lib 1_beta9
xine xine-lib 1_rc0
xine xine-lib 1_rc3c
xine xine-lib 1_rc6
mplayer mplayer 0.91
xine xine-lib 1_beta5
xine xine 1_rc3
xine xine 1_beta12
xine xine-lib 0.99
xine xine-lib 1_beta12
xine xine 1_rc3b
xine xine 1_beta2
xine xine 0.9.13
xine xine-lib 1_beta6
xine xine-lib 1_beta7
xine xine 1_beta8
mplayer mplayer 0.92_cvs
xine xine-lib 1_rc3a
xine xine 1_beta3
xine xine-lib 1_beta1
mplayer mplayer 1.0_pre5try1
mplayer mplayer 1.0_pre5
mplayer mplayer head_cvs
mplayer mplayer 1.0_pre3
xine xine 1_rc7
xine xine-lib 1_beta10
xine xine-lib 1_rc6a
xine xine 1_beta9
xine xine 1_beta5
mplayer mplayer 1.0_pre2
xine xine-lib 1_rc3
mplayer mplayer 0.90
xine xine 1_rc0a
xine xine 0.9.8
xine xine-lib 1_rc7
mplayer mplayer 0.90_rc
xine xine 1_rc2
mplayer mplayer 0.90_rc4
xine xine-lib 1_beta11
xine xine-lib 1_beta8
mandrakesoft mandrake_linux 10.0
xine xine 1_beta1
mplayer mplayer 0.92.1
xine xine-lib 0.9.8
xine xine 1_rc3a
xine xine 1_beta4
xine xine-lib 1_beta4
xine xine-lib 0.9.13
mplayer mplayer 1.0_pre3try2
xine xine-lib 1_rc3b
xine xine-lib 1_rc5
mplayer mplayer 1.0_pre1
xine xine 1_rc4
xine xine-lib 1_rc2
xine xine 1_rc1
mplayer mplayer 0.92
xine xine 1_rc5
xine xine 1_rc6
xine xine-lib 1_beta2
xine xine 0.9.18
xine xine 1_rc8
xine xine-lib 1_rc4
CVE-2004-1188 HIGH

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine 1_beta7
mplayer mplayer 1.0_pre4
xine xine 1_beta6
mandrakesoft mandrake_linux 10.1
xine xine 1_rc6a
xine xine 1_rc0
mplayer mplayer 1.0_pre5try2
xine xine 1_beta11
xine xine-lib 1_alpha
xine xine-lib 1_rc1
xine xine-lib 1_beta3
xine xine 1_beta10
xine xine 1_alpha
mplayer mplayer 0.90_pre
xine xine-lib 1_beta9
xine xine-lib 1_rc0
xine xine-lib 1_rc3c
xine xine-lib 1_rc6
mplayer mplayer 0.91
xine xine-lib 1_beta5
xine xine 1_rc3
xine xine 1_beta12
xine xine-lib 0.99
xine xine-lib 1_beta12
xine xine 1_rc3b
xine xine 1_beta2
xine xine 0.9.13
xine xine-lib 1_beta6
xine xine-lib 1_beta7
xine xine 1_beta8
mplayer mplayer 0.92_cvs
xine xine-lib 1_rc3a
xine xine 1_beta3
xine xine-lib 1_beta1
mplayer mplayer 1.0_pre5try1
mplayer mplayer 1.0_pre5
mplayer mplayer head_cvs
mplayer mplayer 1.0_pre3
xine xine 1_rc7
xine xine-lib 1_beta10
xine xine-lib 1_rc6a
xine xine 1_beta9
xine xine 1_beta5
mplayer mplayer 1.0_pre2
xine xine-lib 1_rc3
mplayer mplayer 0.90
xine xine 1_rc0a
xine xine 0.9.8
xine xine-lib 1_rc7
mplayer mplayer 0.90_rc
xine xine 1_rc2
mplayer mplayer 0.90_rc4
xine xine-lib 1_beta11
xine xine-lib 1_beta8
mandrakesoft mandrake_linux 10.0
xine xine 1_beta1
mplayer mplayer 0.92.1
xine xine-lib 0.9.8
xine xine 1_rc3a
xine xine 1_beta4
xine xine-lib 1_beta4
xine xine-lib 0.9.13
mplayer mplayer 1.0_pre3try2
xine xine-lib 1_rc3b
xine xine-lib 1_rc5
mplayer mplayer 1.0_pre1
xine xine 1_rc4
xine xine-lib 1_rc2
xine xine 1_rc1
mplayer mplayer 0.92
xine xine 1_rc5
xine xine 1_rc6
xine xine-lib 1_beta2
xine xine 0.9.18
xine xine 1_rc8
xine xine-lib 1_rc4
CVE-2004-1300 HIGH

Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine-lib 1_rc7
CVE-2004-1379 HIGH

Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine 1_beta7
xine xine-lib 1_rc3a
xine xine 1_beta3
xine xine 1_beta6
xine xine 1_rc0
xine xine 1_beta11
xine xine-lib 1_rc1
xine xine-lib 1_beta3
xine xine 1_beta10
xine xine 1_alpha
xine xine 1_beta9
xine xine 1_beta5
xine xine-lib 1_beta9
xine xine-lib 1_rc0
xine xine-lib 1_rc3
xine xine-lib 1_rc3c
xine xine 1_rc0a
xine xine-lib 1_beta5
xine xine 1_rc2
xine xine 1_rc3
xine xine 1_beta12
xine xine-lib 1_beta8
xine xine 1_beta1
xine xine-lib 0.9.8
xine xine 1_rc3a
xine xine 1_beta4
xine xine-lib 1_beta4
xine xine-lib 1_rc3b
xine xine-lib 1_beta12
xine xine-lib 1_rc5
xine xine 1_rc3b
xine xine 1_beta2
xine xine 1_rc4
xine xine-lib 1_rc2
xine xine 1_rc1
xine xine-lib 1_beta6
xine xine 1_rc5
xine xine-lib 1_beta7
xine xine-lib 1_beta2
xine xine-lib 1_rc4
xine xine 1_beta8
CVE-2004-1455 MEDIUM

Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine-lib 1_beta5
xine xine-lib 1_rc3a
xine xine-lib 1_beta11
xine xine-lib 1_beta8
xine xine-lib 1_beta1
xine xine-lib 1_beta4
xine xine-lib 1_rc3b
xine xine-lib 1_rc5
xine xine-lib 1_beta10
xine xine-lib 1_beta3
xine xine-lib 1_rc2
xine xine-lib 1_rc5_r2
xine xine-lib 1_beta6
xine xine-lib 1_beta7
xine xine-lib 1_beta2
xine xine-lib 1_beta9
xine xine-lib 1_rc4
xine xine-lib 1_rc3c
CVE-2004-1475 MEDIUM

Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine-lib 1_rc5
xine xine 1_rc2
xine xine 1_rc3
xine xine 1_rc4
xine xine-lib 0.99
xine xine-lib 1_rc2
xine xine 1_rc5
xine xine 0.9.18
xine xine-lib 1_rc4
xine xine-lib 1_rc3
CVE-2004-1476 MEDIUM

Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 8.1
xine xine 1_rc2
xine xine 1_rc3
xine xine-lib 0.99
suse suse_linux 9.0
suse suse_linux 8.0
suse suse_linux 9.2
xine xine-lib 1_rc5
xine xine 1_rc4
xine xine-lib 1_rc2
suse suse_linux 9.1
xine xine 1_rc5
suse suse_linux 8.2
xine xine 0.9.18
xine xine-lib 1_rc4
xine xine-lib 1_rc3
CVE-2004-1951 MEDIUM

xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine 1_beta7
xine xine-lib 1_rc3a
xine xine-ui 0.9.23
xine xine 1_beta3
xine xine 1_beta6
xine xine 1_beta11
xine xine 1_beta10
xine xine 1_beta9
xine xine 1_beta5
xine xine-lib 1_rc3c
xine xine 1_rc0a
xine xine 0.9.8
xine xine-ui 0.9.22
xine xine 1_rc2
xine xine 1_rc3
xine xine 1_beta12
xine xine 1_beta1
xine xine 1_rc3a
xine xine 1_beta4
xine xine-ui 0.9.21
xine xine-lib 1_rc3b
xine xine 1_rc3b
xine xine 1_beta2
xine xine 0.9.13
xine xine-lib 1_rc2
xine xine 1_rc1
xine xine 1_beta8
CVE-2005-1195 HIGH

Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine-lib 1_beta5
xine xine-lib 1_rc3a
xine xine-lib 1_beta11
xine xine-lib 1_beta8
xine xine-lib 1_beta1
xine xine-lib 1_beta4
xine xine-lib 1_rc3b
xine xine-lib 1_beta10
xine xine-lib 1_beta3
xine xine-lib 1_rc2
xine xine-lib 1_beta6
mplayer mplayer *
xine xine-lib 1_beta7
xine xine-lib 1_beta2
xine xine-lib 1_beta9
xine xine-lib 1_rc3c
CVE-2005-1692 HIGH

Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine gxine 0.42
xine gxine 0.43
xine gxine 0.41
xine gxine 0.44
CVE-2005-2967 HIGH

Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine-lib 1.0.1
xine xine-lib 1.0
xine xine-lib 1.0.2
xine xine-lib 1.1.0
xine xine-lib 0.9.13
CVE-2006-1664 HIGH

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine-lib 1.0.1
xine xine-lib 1.1.1
xine xine-lib 1.0
xine xine-lib 1.0.2
xine xine-lib 1.1.0
xine xine-lib 0.9.13
xine xine-lib 1.0.3a
CVE-2006-1905 HIGH

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine 1_beta7
xine xine 1_beta3
xine xine 1_beta6
xine xine 1_rc6a
xine xine 1_rc0
xine xine 1_beta11
xine xine 1_rc7
xine xine 1_beta10
xine xine 1_alpha
xine xine 1_beta9
xine xine 1_beta5
xine xine 1.0
xine xine 1_rc0a
xine xine 0.9.8
xine xine 1_rc2
xine xine 1_rc3
xine xine 1_beta12
xine xine 1_beta1
xine xine 1_rc3a
xine xine 1_beta4
xine xine 1.0.1
xine xine 1_rc3b
xine xine 1_beta2
xine xine 1_rc4
xine xine 0.9.13
xine xine 1_rc1
xine xine 1_rc5
xine xine 1_rc6
xine xine 0.9.18
xine xine 1_rc8
xine xine 1_beta8
CVE-2006-2200 MEDIUM

Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xine xine-lib 1.1.0
mimms mimms 0.0.9
CVE-2006-2230 MEDIUM

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine xine 0.99.4
CVE-2006-2802 MEDIUM

Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xine gxine 0.5.6
xine xine-lib 1.0.1
xine xine-lib 1.1.1
xine xine-lib 1.0.2
xine xine-lib 1.1.0
CVE-2008-1110 MEDIUM

Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xine xine-lib *
xine xine-plugin *