This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Xine
First view : 2004-04-15
Product : Xine
Last view : 2008-11-25
Version :
Type : Application
Update :
Edition :
Language :
Software Edition :
Target Software :
Target Hardware :
Other :

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:* 12
cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:* 12
cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:* 10
cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:* 9
cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:* 9
cpe:2.3:a:xine:xine:1_rc0:*:*:*:*:*:*:* 8
cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:* 8
cpe:2.3:a:xine:xine:1_alpha:*:*:*:*:*:*:* 8
cpe:2.3:a:xine:xine:1_rc8:*:*:*:*:*:*:* 7
cpe:2.3:a:xine:xine:1_rc6a:*:*:*:*:*:*:* 7
cpe:2.3:a:xine:xine:1_rc7:*:*:*:*:*:*:* 7
cpe:2.3:a:xine:xine:1_rc6:*:*:*:*:*:*:* 7
cpe:2.3:a:xine:xine:0.99.4:*:*:*:*:*:*:* 6
cpe:2.3:a:xine:xine:1.0.1:*:*:*:*:*:*:* 5
cpe:2.3:a:xine:xine:1.0:*:*:*:*:*:*:* 5
cpe:2.3:a:xine:xine:1.1.4:*:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1:beta2:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1.0.2:*:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1.0.3a:*:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1.1.11:*:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1:rc4:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1:rc4a:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1:beta7:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1:beta6:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1:beta10:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1:beta1:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1.1.3:*:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1:beta9:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1:beta8:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1:beta12:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1:beta11:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1.1.0:*:*:*:*:*:*:* 4
cpe:2.3:a:xine:xine:1.1.1:*:*:*:*:*:*:* 4

Related : CVE

Score Date Alert Description
7.1 2008-11-25 CVE-2008-5238

Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field.

10 2008-11-25 CVE-2008-5237

Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.

9.3 2008-11-25 CVE-2008-5236

Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15.

9.3 2008-11-25 CVE-2008-5235

Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information.

9.3 2007-01-16 CVE-2007-0255

XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.

5 2006-05-05 CVE-2006-2230

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.

7.5 2006-04-20 CVE-2006-1905

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.

10 2005-01-10 CVE-2004-1188

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.

10 2005-01-10 CVE-2004-1187

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.

5 2004-12-31 CVE-2004-1951

xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.

5.1 2004-12-31 CVE-2004-1476

Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.

5.1 2004-12-31 CVE-2004-1475

Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.

7.5 2004-09-16 CVE-2004-1379

Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.

2.1 2004-04-15 CVE-2004-0372

xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.

CWE : Common Weakness Enumeration

% id Name
50% (2) CWE-189 Numeric Errors
50% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
52940 xine-lib demux_realaudio.c open_ra_file Function RA File Handling Overflow
52939 xine-lib demux_real.c Multiple Function Overflows
52938 xine-lib demux_matroska.c parse_block_group Function EBML Element Length Proc...
47746 xine-lib src/demuxers/demux_mng.c mymng_process_header() Function Overflow
47743 xine-lib src/demuxers/demux_real.c Multiple Function Overflows
47678 xine-lib src/demuxers/demux_real.c demux_real_send_chunk() Function Real Medi...
31666 xine udp:// URI Handling Format String
25606 xine xiTK Multiple Format String
24747 Xine Playlist xitk/main.c print_formatted() Function Format String
12662 xine pnm_get_chunk() Function Multiple Tag Overflow
12661 xine PNM Handler PNA_TAG Overflow
10044 xine-lib DVD Subpicture Decoder Remote Overflow
10043 xine-lib VideoCD Text Subtitle Parsing Remote Overflow
10042 xine-lib VideoCD ISO Disk Label Parsing Remote Overflow
10041 xine-lib VideoCD vcd:// Parsing Remote Overflow
5739 xine-ui Playlists MRL Arbitrary File Modification
5594 xine-lib Playlists MRL Arbitrary File Modification
4515 Xine Insecure Temporary File Creation

OpenVAS Exploits

id Description
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-04 (xine-lib)
File : nvt/glsa_201006_04.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:319 (xine-lib)
File : nvt/mdksa_2009_319.nasl
2009-04-09 Name : Mandriva Update for xine-ui MDKSA-2007:027 (xine-ui)
File : nvt/gb_mandriva_MDKSA_2007_027.nasl
2009-02-18 Name : SuSE Security Summary SUSE-SR:2009:004
File : nvt/suse_sr_2009_004.nasl
2009-02-02 Name : Ubuntu USN-710-1 (xine-lib)
File : nvt/ubuntu_710_1.nasl
2009-01-26 Name : Mandrake Security Advisory MDVSA-2009:020 (xine-lib)
File : nvt/mdksa_2009_020.nasl
2009-01-20 Name : Fedora Core 10 FEDORA-2009-0483 (xine-lib)
File : nvt/fcore_2009_0483.nasl
2009-01-20 Name : Fedora Core 9 FEDORA-2009-0542 (xine-lib)
File : nvt/fcore_2009_0542.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200604-15 (xine-ui)
File : nvt/glsa_200604_15.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200501-07 (xine-lib)
File : nvt/glsa_200501_07.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200409-30 (xine-lib)
File : nvt/glsa_200409_30.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200404-20 (xine)
File : nvt/glsa_200404_20.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200408-18 (xine-lib)
File : nvt/glsa_200408_18.nasl
2008-09-04 Name : FreeBSD Ports: libxine
File : nvt/freebsd_libxine0.nasl
2008-09-04 Name : FreeBSD Ports: xine
File : nvt/freebsd_xine0.nasl
2008-09-04 Name : FreeBSD Ports: xine
File : nvt/freebsd_xine.nasl
2008-09-04 Name : mplayer -- multiple vulnerabilities
File : nvt/freebsd_mplayer0.nasl
2008-09-04 Name : FreeBSD Ports: libxine
File : nvt/freebsd_libxine2.nasl
2008-09-04 Name : FreeBSD Ports: libxine
File : nvt/freebsd_libxine.nasl
2008-08-22 Name : xine-lib Multiple Vulnerabilities
File : nvt/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl
2008-01-17 Name : Debian Security Advisory DSA 657-1 (xine-lib)
File : nvt/deb_657_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 477-1 (xine-ui)
File : nvt/deb_477_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1093-1 (xine-ui)
File : nvt/deb_1093_1.nasl

Nessus® Vulnerability Scanner

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2011-01-27 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_xine-devel-5965.nasl - Type: ACT_GATHER_INFO
2010-06-02 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201006-04.nasl - Type: ACT_GATHER_INFO
2009-12-07 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2009-319.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_xine-devel-090129.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-710-1.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2007-154.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2009-020.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_fde532047ea611d896450020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e50b04e89c5511d893660020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Fedora host is missing a security update.
File: fedora_2009-0483.nasl - Type: ACT_GATHER_INFO
2009-02-05 Name: The remote openSUSE host is missing a security update.
File: suse_xine-devel-5966.nasl - Type: ACT_GATHER_INFO
2009-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2009-0542.nasl - Type: ACT_GATHER_INFO
2008-09-10 Name: The remote Fedora host is missing a security update.
File: fedora_2008-7572.nasl - Type: ACT_GATHER_INFO
2008-09-10 Name: The remote Fedora host is missing a security update.
File: fedora_2008-7512.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2007-027.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1093.nasl - Type: ACT_GATHER_INFO
2006-05-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8d4ae57dd2ab11daa672000e0c2e438a.nasl - Type: ACT_GATHER_INFO
2006-05-13 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-085.nasl - Type: ACT_GATHER_INFO
2006-04-28 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200604-15.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_85d76f02538011d9a9e70001020eed82.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_131bd7c464a311d9829a000a95bc6fae.nasl - Type: ACT_GATHER_INFO
2005-02-14 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200501-07.nasl - Type: ACT_GATHER_INFO
2005-01-25 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-657.nasl - Type: ACT_GATHER_INFO
2005-01-19 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-011.nasl - Type: ACT_GATHER_INFO
2004-10-08 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2004-105.nasl - Type: ACT_GATHER_INFO