Executive Summary
Summary | |
---|---|
Title | xine-lib vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-635-1 | First vendor Publication | 2008-08-06 |
Vendor | Ubuntu | Last vendor Modification | 2008-08-06 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 7.04: Ubuntu 7.10: Ubuntu 8.04 LTS: After a standard system upgrade you need to restart applications linked against xine-lib to effect the necessary changes. Details follow: Alin Rad Pop discovered an array index vulnerability in the SDP parser. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0073) Luigi Auriemma discovered that xine-lib did not properly check buffer sizes in the RTSP header-handling code. If xine-lib opened an RTSP stream with crafted SDP attributes, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0225, CVE-2008-0238) Damian Frizza and Alfredo Ortega discovered that xine-lib did not properly validate FLAC tags. If a user or automated system were tricked into opening a crafted FLAC file, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0486) It was discovered that the ASF demuxer in xine-lib did not properly check the length if the ASF header. If a user or automated system were tricked into opening a crafted ASF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1110) It was discovered that the Matroska demuxer in xine-lib did not properly verify frame sizes. If xine-lib opened a crafted ASF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1161) Luigi Auriemma discovered multiple integer overflows in xine-lib. If a user or automated system were tricked into opening a crafted FLV, MOV, RM, MVE, MKV or CAK file, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1482) It was discovered that xine-lib did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service or possibly execute arbitrary code as the user invoking the program. (CVE-2008-1686) Guido Landi discovered a stack-based buffer overflow in xine-lib when processing NSF files. If xine-lib opened a specially crafted NSF file with a long NSF title, an attacker could create a denial of service or possibly execute arbitrary code as the user invoking the program. (CVE-2008-1878) |
Original Source
Url : http://www.ubuntu.com/usn/USN-635-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
60 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
40 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10026 | |||
Oval ID: | oval:org.mitre.oval:def:10026 | ||
Title: | Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | ||
Description: | Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1686 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17457 | |||
Oval ID: | oval:org.mitre.oval:def:17457 | ||
Title: | USN-611-2 -- vorbis-tools vulnerability | ||
Description: | USN-611-1 fixed a vulnerability in Speex. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-611-2 CVE-2008-1686 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | vorbis-tools |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17553 | |||
Oval ID: | oval:org.mitre.oval:def:17553 | ||
Title: | USN-611-1 -- speex vulnerability | ||
Description: | It was discovered that Speex did not properly validate its input when processing Speex file headers. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-611-1 CVE-2008-1686 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | speex |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17590 | |||
Oval ID: | oval:org.mitre.oval:def:17590 | ||
Title: | USN-635-1 -- xine-lib vulnerabilities | ||
Description: | Alin Rad Pop discovered an array index vulnerability in the SDP parser. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-635-1 CVE-2008-0073 CVE-2008-0225 CVE-2008-0238 CVE-2008-0486 CVE-2008-1110 CVE-2008-1161 CVE-2008-1482 CVE-2008-1686 CVE-2008-1878 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | xine-lib |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17732 | |||
Oval ID: | oval:org.mitre.oval:def:17732 | ||
Title: | USN-611-3 -- gst-plugins-good0.10 vulnerability | ||
Description: | USN-611-1 fixed a vulnerability in Speex. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-611-3 CVE-2008-1686 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | gst-plugins-good0.10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18522 | |||
Oval ID: | oval:org.mitre.oval:def:18522 | ||
Title: | DSA-1536-1 xine-lib - several vulnerabilities | ||
Description: | Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1536-1 CVE-2007-1246 CVE-2007-1387 CVE-2008-0073 CVE-2008-0486 CVE-2008-1161 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xine-lib |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18584 | |||
Oval ID: | oval:org.mitre.oval:def:18584 | ||
Title: | DSA-1586-1 xine-lib - multiple vulnerabilities | ||
Description: | Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1586-1 CVE-2008-1482 CVE-2008-1686 CVE-2008-1878 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xine-lib |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18615 | |||
Oval ID: | oval:org.mitre.oval:def:18615 | ||
Title: | DSA-1584-1 libfishsound - integer overflow | ||
Description: | It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1584-1 CVE-2008-1686 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libfishsound |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20293 | |||
Oval ID: | oval:org.mitre.oval:def:20293 | ||
Title: | DSA-1585-1 speex - integer overflow | ||
Description: | It was discovered that speex, the Speex codec command line tools, did not correctly deal with negative offsets in a particular header field. This could allow a malicious file to execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1585-1 CVE-2008-1686 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | speex |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22410 | |||
Oval ID: | oval:org.mitre.oval:def:22410 | ||
Title: | ELSA-2008:0235: speex security update (Important) | ||
Description: | Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0235-01 CVE-2008-1686 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | speex |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7756 | |||
Oval ID: | oval:org.mitre.oval:def:7756 | ||
Title: | DSA-1472 xine-lib -- buffer overflow | ||
Description: | Luigi Auriemma discovered that the Xine media player library performed insufficient input sanitising during the handling of RTSP streams, which could lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1472 CVE-2008-0225 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | xine-lib |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7757 | |||
Oval ID: | oval:org.mitre.oval:def:7757 | ||
Title: | DSA-1536 xine-lib -- several vulnerabilities | ||
Description: | Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems: The DMO_VideoDecoder_Open function does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code (applies to sarge only). Array index error in the sdpplin_parse function allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. Array index vulnerability in libmpdemux/demux_audio.c might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow (applies to etch only). Buffer overflow in the Matroska demuxer allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1536 CVE-2007-1246 CVE-2007-1387 CVE-2008-0073 CVE-2008-0486 CVE-2008-1161 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | xine-lib |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7912 | |||
Oval ID: | oval:org.mitre.oval:def:7912 | ||
Title: | DSA-1585 speex -- integer overflow | ||
Description: | It was discovered that speex, the Speex codec command line tools, did not correctly deal with negative offsets in a particular header field. This could allow a malicious file to execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1585 CVE-2008-1686 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | speex |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7965 | |||
Oval ID: | oval:org.mitre.oval:def:7965 | ||
Title: | DSA-1586 xine-lib -- multiple vulnerabilities | ||
Description: | Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. The Common Vulnerabilities and Exposures project identifies the following three problems: Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and CAK demuxers, as well as the EBML parser used by the Matroska demuxer. These weaknesses allow an attacker to overflow heap buffers and potentially execute arbitrary code by supplying a maliciously crafted file of those types. Insufficient input validation in the Speex implementation used by this version of xine enables an invalid array access and the execution of arbitrary code by supplying a maliciously crafted Speex file. Inadequate bounds checking in the NES Sound Format (NSF) demuxer enables a stack buffer overflow and the execution of arbitrary code through a maliciously crafted NSF file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1586 CVE-2008-1482 CVE-2008-1686 CVE-2008-1878 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xine-lib |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8197 | |||
Oval ID: | oval:org.mitre.oval:def:8197 | ||
Title: | DSA-1584 libfishsound -- buffer overflow | ||
Description: | It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1584 CVE-2008-1686 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libfishsound |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2008-03-25 | MPlayer sdpplin_parse() Array Indexing Buffer Overflow Exploit PoC |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for speex MDVSA-2008:094 (speex) File : nvt/gb_mandriva_MDVSA_2008_094.nasl |
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:020 (xine-lib) File : nvt/gb_mandriva_MDVSA_2008_020.nasl |
2009-04-09 | Name : Mandriva Update for mplayer MDVSA-2008:045 (mplayer) File : nvt/gb_mandriva_MDVSA_2008_045.nasl |
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:124 (xine-lib) File : nvt/gb_mandriva_MDVSA_2008_124.nasl |
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:177 (xine-lib) File : nvt/gb_mandriva_MDVSA_2008_177.nasl |
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:178 (xine-lib) File : nvt/gb_mandriva_MDVSA_2008_178.nasl |
2009-04-09 | Name : Mandriva Update for mplayer MDVSA-2008:219 (mplayer) File : nvt/gb_mandriva_MDVSA_2008_219.nasl |
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:046 (xine-lib) File : nvt/gb_mandriva_MDVSA_2008_046.nasl |
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:046-1 (xine-lib) File : nvt/gb_mandriva_MDVSA_2008_046_1.nasl |
2009-04-09 | Name : Mandriva Update for gstreamer-plugins-good MDVSA-2008:092 (gstreamer-plugins... File : nvt/gb_mandriva_MDVSA_2008_092.nasl |
2009-04-09 | Name : Mandriva Update for vorbis-tools MDVSA-2008:093 (vorbis-tools) File : nvt/gb_mandriva_MDVSA_2008_093.nasl |
2009-03-23 | Name : Ubuntu Update for vorbis-tools vulnerability USN-611-2 File : nvt/gb_ubuntu_USN_611_2.nasl |
2009-03-23 | Name : Ubuntu Update for speex vulnerability USN-611-1 File : nvt/gb_ubuntu_USN_611_1.nasl |
2009-03-23 | Name : Ubuntu Update for xine-lib vulnerabilities USN-635-1 File : nvt/gb_ubuntu_USN_635_1.nasl |
2009-03-23 | Name : Ubuntu Update for gst-plugins-good0.10 vulnerability USN-611-3 File : nvt/gb_ubuntu_USN_611_3.nasl |
2009-03-06 | Name : RedHat Update for speex RHSA-2008:0235-01 File : nvt/gb_RHSA-2008_0235-01_speex.nasl |
2009-02-27 | Name : CentOS Update for speex CESA-2008:0235 centos4 i386 File : nvt/gb_CESA-2008_0235_speex_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for speex CESA-2008:0235 centos4 x86_64 File : nvt/gb_CESA-2008_0235_speex_centos4_x86_64.nasl |
2009-02-17 | Name : Fedora Update for speex FEDORA-2008-3191 File : nvt/gb_fedora_2008_3191_speex_fc7.nasl |
2009-02-17 | Name : Fedora Update for libfishsound FEDORA-2008-3117 File : nvt/gb_fedora_2008_3117_libfishsound_fc7.nasl |
2009-02-17 | Name : Fedora Update for speex FEDORA-2008-3103 File : nvt/gb_fedora_2008_3103_speex_fc8.nasl |
2009-02-17 | Name : Fedora Update for libfishsound FEDORA-2008-3059 File : nvt/gb_fedora_2008_3059_libfishsound_fc8.nasl |
2009-02-17 | Name : Fedora Update for xine-lib FEDORA-2008-3326 File : nvt/gb_fedora_2008_3326_xine-lib_fc7.nasl |
2009-02-17 | Name : Fedora Update for xine-lib FEDORA-2008-3353 File : nvt/gb_fedora_2008_3353_xine-lib_fc8.nasl |
2009-02-17 | Name : Fedora Update for xine-lib FEDORA-2008-7572 File : nvt/gb_fedora_2008_7572_xine-lib_fc8.nasl |
2009-02-17 | Name : Fedora Update for xine-lib FEDORA-2008-0718 File : nvt/gb_fedora_2008_0718_xine-lib_fc8.nasl |
2009-02-16 | Name : Fedora Update for xine-lib FEDORA-2008-1543 File : nvt/gb_fedora_2008_1543_xine-lib_fc8.nasl |
2009-02-16 | Name : Fedora Update for xine-lib FEDORA-2008-2945 File : nvt/gb_fedora_2008_2945_xine-lib_fc7.nasl |
2009-02-16 | Name : Fedora Update for xine-lib FEDORA-2008-2849 File : nvt/gb_fedora_2008_2849_xine-lib_fc8.nasl |
2009-02-16 | Name : Fedora Update for xine-lib FEDORA-2008-2569 File : nvt/gb_fedora_2008_2569_xine-lib_fc8.nasl |
2009-02-16 | Name : Fedora Update for xine-lib FEDORA-2008-1581 File : nvt/gb_fedora_2008_1581_xine-lib_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-01 (xine-lib) File : nvt/glsa_200808_01.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200801-12 (xine-lib) File : nvt/glsa_200801_12.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200802-12 (xine-lib) File : nvt/glsa_200802_12.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-16 (mplayer) File : nvt/glsa_200803_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-17 (speex) File : nvt/glsa_200804_17.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-25 (vlc) File : nvt/glsa_200804_25.nasl |
2008-09-04 | Name : FreeBSD Ports: vorbis-tools File : nvt/freebsd_vorbis-tools.nasl |
2008-09-04 | Name : mplayer -- multiple vulnerabilities File : nvt/freebsd_mplayer8.nasl |
2008-09-04 | Name : FreeBSD Ports: libxine File : nvt/freebsd_libxine9.nasl |
2008-09-04 | Name : FreeBSD Ports: libxine File : nvt/freebsd_libxine8.nasl |
2008-09-04 | Name : FreeBSD Ports: libxine File : nvt/freebsd_libxine6.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1586-1 (xine-lib) File : nvt/deb_1586_1.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1584-1 (libfishsound) File : nvt/deb_1584_1.nasl |
2008-04-21 | Name : Debian Security Advisory DSA 1543-1 (vlc) File : nvt/deb_1543_1.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1536-1 (xine-lib) File : nvt/deb_1536_1.nasl |
2008-02-15 | Name : Debian Security Advisory DSA 1496-1 (mplayer) File : nvt/deb_1496_1.nasl |
2008-01-31 | Name : Debian Security Advisory DSA 1472-1 (xine-lib) File : nvt/deb_1472_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-111-01 xine-lib File : nvt/esoft_slk_ssa_2008_111_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-092-01 xine-lib File : nvt/esoft_slk_ssa_2008_092_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-089-03 xine-lib File : nvt/esoft_slk_ssa_2008_089_03.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44450 | xine-lib NSF src/demuxers/demux_nsf.c demux_nsf_send_chunk Function Remote Ov... |
44143 | libfishsound Speex Decoder Header Structure Handling Arbitrary Code Execution |
43532 | xine-lib src/demuxers/demux_film.c Film File Handling Remote Overflow |
43531 | xine-lib src/demuxers/ebml.c EBML File Handling Remote Overflow |
43530 | xine-lib src/demuxers/demux_wc3movie.c WC3 Movie File Handling Remote Overflow |
43529 | xine-lib src/demuxers/demux_real.c Real File Handling Remote Overflow |
43528 | xine-lib src/demuxers/demux_qt.c QT File Handling Remote Overflow |
43527 | xine-lib src/demuxers/demux_flv.c FLV Handling Overflow |
43436 | xine-lib sdpplin_parse() Function Array Indexing |
43119 | xine-lib Matroska Demuxer demuxers/demux_matroska.c Frame Size Handling Remot... |
42658 | xineplug_dmx_asf.so Plugin for xine-lib demuxers/demux_asf.c Crafted ASF Head... |
42197 | MPlayer libmpdemux/demux_audio.c FLAC Tag Processing Memory Corruption |
42196 | xine-lib input/libreal/rmff.c rmff_dump_cont Function Multiple SDP Attribute ... |
42195 | xine-lib input/libreal/rmff.c rmff_dump_cont Function RTSP Session SDP Abstra... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0235.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080416_speex_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5304.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_vorbis-tools-5302.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-219.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-178.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-177.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-124.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-094.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2008-093.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-092.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-046.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-045.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-020.nasl - Type : ACT_GATHER_INFO |
2008-09-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-7572.nasl - Type : ACT_GATHER_INFO |
2008-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-635-1.nasl - Type : ACT_GATHER_INFO |
2008-08-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-01.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_speex-5364.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gstreamer010-plugins-good-5185.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote openSUSE host is missing a security update. File : suse_gstreamer010-plugins-good-5195.nasl - Type : ACT_GATHER_INFO |
2008-06-04 | Name : The remote openSUSE host is missing a security update. File : suse_vorbis-tools-5192.nasl - Type : ACT_GATHER_INFO |
2008-06-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_vorbis-tools-5193.nasl - Type : ACT_GATHER_INFO |
2008-05-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1586.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1584.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1585.nasl - Type : ACT_GATHER_INFO |
2008-05-20 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3117.nasl - Type : ACT_GATHER_INFO |
2008-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-5204.nasl - Type : ACT_GATHER_INFO |
2008-05-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5205.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_633716fa1f8f11ddb1430211d880e350.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-611-1.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-611-2.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-611-3.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3326.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3353.nasl - Type : ACT_GATHER_INFO |
2008-04-28 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_7a7c585310a311dd8eb800163e000016.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-25.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-111-01.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-17.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0235.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3059.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0235.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3191.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3103.nasl - Type : ACT_GATHER_INFO |
2008-04-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1543.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Windows host contains a media player that is affected by several v... File : vlc_0_8_6f.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2945.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2849.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-092-01.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5139.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-5137.nasl - Type : ACT_GATHER_INFO |
2008-04-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1536.nasl - Type : ACT_GATHER_INFO |
2008-04-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5116.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-089-03.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-5113.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2569.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5080.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-16.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-5078.nasl - Type : ACT_GATHER_INFO |
2008-03-07 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_de4d4110ebce11dcae140016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2008-02-28 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_e8a6a16de49811dcbb89000bcdc1757a.nasl - Type : ACT_GATHER_INFO |
2008-02-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200802-12.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1581.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1543.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1496.nasl - Type : ACT_GATHER_INFO |
2008-01-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200801-12.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-4926.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-4917.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-4916.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1472.nasl - Type : ACT_GATHER_INFO |
2008-01-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_02eedd3cc6b511dc93b6000e35248ad7.nasl - Type : ACT_GATHER_INFO |
2008-01-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-0718.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:05:15 |
|