Every CVE whose affected-product data names Xine Xine-lib, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2004-1300 — CVSS 10.0 (critical): Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary…
CVE-2004-0433 — CVSS 10.0 (critical): Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib)…
CVE-2004-1188 — CVSS 10.0 (critical): The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify…
CVE-2004-1187 — CVSS 10.0 (critical): Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows…
CVE-2008-5244 — CVSS 10.0 (critical): Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of…
CVE-2008-5245 — CVSS 9.3 (critical): xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack…
CVE-2008-1686 — CVSS 9.3 (critical): Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters…
CVE-2008-5234 — CVSS 9.3 (critical): Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code…
CVE-2008-5246 — CVSS 9.3 (critical): Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3…
CVE-2008-0238 — CVSS 7.5 (high): Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to…
CVE-2004-1379 — CVSS 7.5 (high): Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary…
CVE-2009-0698 — CVSS 7.5 (high): Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service…
CVE-2005-1195 — CVSS 7.5 (high): Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib…
CVE-2005-2967 — CVSS 7.5 (high): Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers…
CVE-2006-1664 — CVSS 7.5 (high): Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote…
CVE-2008-1878 — CVSS 7.5 (high): Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote…
CVE-2006-4799 — CVSS 7.5 (high): Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI…
CVE-2008-0486 — CVSS 7.5 (high): Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in…
CVE-2008-1110 — CVSS 6.8 (medium): Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote…
CVE-2008-0073 — CVSS 6.8 (medium): Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute…
CVE-2008-1482 — CVSS 6.8 (medium): Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly…
CVE-2008-5242 — CVSS 6.8 (medium): demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM…
CVE-2008-0225 — CVSS 6.4 (medium): Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to…
CVE-2004-1476 — CVSS 5.1 (medium): Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute…
CVE-2004-1455 — CVSS 5.1 (medium): Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted…
CVE-2006-2200 — CVSS 5.1 (medium): Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a…
CVE-2004-1475 — CVSS 5.1 (medium): Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd://…
CVE-2006-2802 — CVSS 5.0 (medium): Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service…
CVE-2009-1274 — CVSS 5.0 (medium): Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers…
CVE-2004-1951 — CVSS 5.0 (medium): xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via…
CVE-2008-5243 — CVSS 4.3 (medium): The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input…
CVE-2008-3231 — CVSS 4.3 (medium): xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing…
CVE-2008-5240 — CVSS 4.3 (medium): xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not…
CVE-2008-5239 — CVSS 4.3 (medium): xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read…
CVE-2008-5247 — CVSS 4.3 (medium): The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted…
CVE-2008-5248 — CVSS 4.3 (medium): xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of…
CVE-2008-5241 — CVSS 4.3 (medium): Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allows remote attackers to cause a denial of…
CVE-2008-5233 — CVSS 4.3 (medium): xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the…