FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-28 14:09:37 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description

02eedd3c-c6b5-11dc-93b6-000e35248ad7  libxine -- buffer overflow vulnerability

xine project reports:

A new xine-lib version is now available. This release contains a security fix (remotely-exploitable buffer overflow, CVE-2008-0225). It also contains a read-past-end fix for an internal library function which is only used if the OS does not supply it and a rendering fix for Darwin/PPC.


Discovery 2008-01-08
Entry 2008-01-19
libxine
< 1.1.9.1

CVE-2008-0225
http://aluigi.altervista.org/adv/xinermffhof-adv.txt
http://secunia.com/advisories/28384
1b043693-8617-11db-93b2-000e35248ad7  libxine -- multiple buffer overflow vulnerabilities

The libxine development team reports that several vulnerabilities had been found in the libxine library. The first vulnerability is caused by improper checking of the src/input/libreal/real.c "real_parse_sdp()" function. A remote attacker could exploit this by tricking a user into connecting to a prepared server, potentially causing a buffer overflow. Another buffer overflow had been found in the libmms library, potentially allowing a remote attacker to cause a denial of service vulnerability, and possible remote code execution through the following functions: send_command, string_utf16, get_data and get_media_packets. Other functions might be affected as well.


Discovery 2006-05-04
Entry 2006-12-07
Modified 2006-12-09
libxine
< 1.1.3

18608
21435
CVE-2006-2200
CVE-2006-6172
http://sourceforge.net/project/shownotes.php?release_id=468432
107e2ee5-f941-11da-b1fa-020039488e34  libxine -- buffer overflow vulnerability

A Secunia Advisory reports:

Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system.

The weakness is caused due to a heap corruption within the "xineplug_inp_http.so" plugin when handling an overly large reply from the HTTP server. This can be exploited to crash an application that uses the plugin (e.g. gxine).


Discovery 2006-05-31
Entry 2006-06-11
libxine
< 1.1.1_6

http://secunia.com/advisories/20369
CVE-2006-2802
18187
51d1d428-42f0-11de-ad22-000e35248ad7  libxine -- multiple vulnerabilities

Multiple vulnerabilities were fixed in libxine 1.1.16.2.

Tobias Klein reports:

FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.

Note: A similar issue also affects xine-lib < version 1.1.16.2.

xine developers report:

  • Fix broken size checks in various input plugins (ref. CVE-2008-5239).
  • More malloc checking (ref. CVE-2008-5240).

Discovery 2009-02-15
Entry 2009-05-17
libxine
< 1.1.16.2

CVE-2009-0698
CVE-2008-5234
CVE-2008-5240
http://trapkit.de/advisories/TKADV2009-004.txt
http://sourceforge.net/project/shownotes.php?release_id=660071
3bc5691e-38dd-11da-92f5-020039488e34  libxine -- format string vulnerability

Gentoo Linux Security Advisory reports:

Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response contents.

An attacker could submit malicious information about an audio CD to a public CDDB server (or impersonate a public CDDB server). When the victim plays this CD on a multimedia frontend relying on xine-lib, it could end up executing arbitrary code.


Discovery 2005-10-08
Entry 2005-10-09
libxine
< 1.1.0_1

CVE-2005-2967
http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml
http://xinehq.de/index.php/security/XSA-2005-1
f6bff909-4a26-11db-a4cc-000a48049292  libmms -- stack-based buffer overflow

Mitre CVE reports:

Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.


Discovery 2006-05-04
Entry 2006-09-22
libmms
< 0.3

libxine
< 1.1.1

CVE-2006-2200
18608
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577
48e14d86-42f1-11de-ad22-000e35248ad7  libxine -- multiple vulnerabilities

xine developers report:

  • Fix another possible int overflow in the 4XM demuxer. (ref. TKADV2009-004, CVE-2009-0385)
  • Fix an integer overflow in the Quicktime demuxer.

Discovery 2009-04-04
Entry 2009-05-17
libxine
< 1.1.16.3

CVE-2009-0385
CVE-2009-1274
http://trapkit.de/advisories/TKADV2009-004.txt
http://trapkit.de/advisories/TKADV2009-005.txt
http://sourceforge.net/project/shownotes.php?release_id=660071
6ecd0b42-ce77-11dc-89b1-000e35248ad7  libxine -- buffer overflow vulnerability

xine project reports:

A new xine-lib version is now available. This release contains a security fix (remotely-exploitable buffer overflow, CVE-2006-1664). (This is not the first time that that bug has been fixed...) It also fixes a few more recent bugs, such as the audio output problems in 1.1.9.


Discovery 2008-01-23
Entry 2008-01-29
libxine
< 1.1.10

CVE-2006-1664
http://secunia.com/advisories/19853/
06eac338-9ddf-11dd-813f-000e35248ad7  libxine -- denial of service vulnerability

xine team reports:

A new xine-lib version is now available. This release contains some security fixes, notably a DoS via corrupted Ogg files (CVE-2008-3231), some related fixes, and fixes for a few possible buffer overflows.


Discovery 2008-07-13
Entry 2008-10-19
libxine
< 1.1.15

CVE-2008-3231
http://www.xinehq.de/index.php/news
http://xforce.iss.net/xforce/xfdb/44040
7a7c5853-10a3-11dd-8eb8-00163e000016  libxine -- array index vulnerability

xine Team reports:

A new xine-lib version is now available. This release contains a security fix (an unchecked array index that could allow remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.)


Discovery 2008-04-06
Entry 2008-04-24
libxine
< 1.1.12

CVE-2008-1686
http://www.xinehq.de/index.php/news
91c606fc-b5d0-11d9-a788-0001020eed82  mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities

A xine security announcement reports:

By a user receiving data from a malicious network streaming server, an attacker can overrun a heap buffer, which can, on some systems, lead to or help in executing attacker-chosen malicious code with the permissions of the user running a xine-lib based media application.

Both the MMS and Real RTSP streaming client code made some too-strong assumptions on the transferred data. Several critical bounds checks were missing, resulting in the possibility of heap overflows, should the remote server not adhere to these assumptions. In the MMS case, a remote server could present content with too many individual streams; in the RTSP case, a remote server's reply could have too many lines.

An attacker can set up a server delivering malicious data to the users. This can be used to overflow a heap buffer, which can, with certain implementations of heap management, lead to attacker chosen data written to the stack. This can cause attacker-chosen code being executed with the permissions of the user running the application. By tricking users to retrieve a stream, which can be as easy as providing a link on a website, this vulnerability can be exploited remotely.


Discovery 2005-04-16
Entry 2005-04-25
mplayer
mplayer-gtk
mplayer-gtk2
mplayer-esound
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.7

libxine
>= 0.9.9 < 1.0.1

13270
13271
CVE-2005-1195
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
http://xinehq.de/index.php/security/XSA-2004-8
e8a6a16d-e498-11dc-bb89-000bcdc1757a  libxine -- buffer overflow vulnerability

xine Team reports:

A new xine-lib version is now available. This release contains a security fix (array index vulnerability which may lead to a stack buffer overflow).


Discovery 2007-02-08
Entry 2008-02-26
libxine
< 1.1.10.1

CVE-2008-0486
http://www.xinehq.de/index.php/news