FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-28 14:09:37 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
107e2ee5-f941-11da-b1fa-020039488e34 libxine -- buffer overflow vulnerability

A Secunia Advisory reports:

Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system.

The weakness is caused due to a heap corruption within the "xineplug_inp_http.so" plugin when handling an overly large reply from the HTTP server. This can be exploited to crash an application that uses the plugin (e.g. gxine).


Discovery 2006-05-31
Entry 2006-06-11
libxine
< 1.1.1_6

http://secunia.com/advisories/20369
CVE-2006-2802
18187
e8a6a16d-e498-11dc-bb89-000bcdc1757a libxine -- buffer overflow vulnerability

xine Team reports:

A new xine-lib version is now available. This release contains a security fix (array index vulnerability which may lead to a stack buffer overflow).


Discovery 2007-02-08
Entry 2008-02-26
libxine
< 1.1.10.1

CVE-2008-0486
http://www.xinehq.de/index.php/news
1b043693-8617-11db-93b2-000e35248ad7 libxine -- multiple buffer overflow vulnerabilities

The libxine development team reports that several vulnerabilities have been found in the libxine library. The first vulnerability is caused by improper checking in the src/input/libreal/real.c "real_parse_sdp()" function. A remote attacker could exploit this by tricking a user into connecting to a prepared server, potentially causing a buffer overflow. Another buffer overflow has been found in the libmms library, potentially allowing a remote attacker to cause a denial of service, and possibly remote code execution, through the following functions: send_command, string_utf16, get_data and get_media_packets. Other functions might be affected as well.


Discovery 2006-05-04
Entry 2006-12-07
Modified 2006-12-09
libxine
< 1.1.3

18608
21435
CVE-2006-2200
CVE-2006-6172
http://sourceforge.net/project/shownotes.php?release_id=468432
48e14d86-42f1-11de-ad22-000e35248ad7 libxine -- multiple vulnerabilities

xine developers report:

  • Fix another possible int overflow in the 4XM demuxer. (ref. TKADV2009-004, CVE-2009-0385)
  • Fix an integer overflow in the Quicktime demuxer.

Discovery 2009-04-04
Entry 2009-05-17
libxine
< 1.1.16.3

CVE-2009-0385
CVE-2009-1274
http://trapkit.de/advisories/TKADV2009-004.txt
http://trapkit.de/advisories/TKADV2009-005.txt
http://sourceforge.net/project/shownotes.php?release_id=660071
51d1d428-42f0-11de-ad22-000e35248ad7 libxine -- multiple vulnerabilities

Multiple vulnerabilities were fixed in libxine 1.1.16.2.

Tobias Klein reports:

FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.

Note: A similar issue also affects xine-lib < version 1.1.16.2.

xine developers report:

  • Fix broken size checks in various input plugins (ref. CVE-2008-5239).
  • More malloc checking (ref. CVE-2008-5240).

Discovery 2009-02-15
Entry 2009-05-17
libxine
< 1.1.16.2

CVE-2009-0698
CVE-2008-5234
CVE-2008-5240
http://trapkit.de/advisories/TKADV2009-004.txt
http://sourceforge.net/project/shownotes.php?release_id=660071
7a7c5853-10a3-11dd-8eb8-00163e000016 libxine -- array index vulnerability

xine Team reports:

A new xine-lib version is now available. This release contains a security fix (an unchecked array index that could allow remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.)


Discovery 2008-04-06
Entry 2008-04-24
libxine
< 1.1.12

CVE-2008-1686
http://www.xinehq.de/index.php/news
02eedd3c-c6b5-11dc-93b6-000e35248ad7 libxine -- buffer overflow vulnerability

xine project reports:

A new xine-lib version is now available. This release contains a security fix (remotely-exploitable buffer overflow, CVE-2008-0225). It also contains a read-past-end fix for an internal library function which is only used if the OS does not supply it and a rendering fix for Darwin/PPC.


Discovery 2008-01-08
Entry 2008-01-19
libxine
< 1.1.9.1

CVE-2008-0225
http://aluigi.altervista.org/adv/xinermffhof-adv.txt
http://secunia.com/advisories/28384
06eac338-9ddf-11dd-813f-000e35248ad7 libxine -- denial of service vulnerability

xine team reports:

A new xine-lib version is now available. This release contains some security fixes, notably a DoS via corrupted Ogg files (CVE-2008-3231), some related fixes, and fixes for a few possible buffer overflows.


Discovery 2008-07-13
Entry 2008-10-19
libxine
< 1.1.15

CVE-2008-3231
http://www.xinehq.de/index.php/news
http://xforce.iss.net/xforce/xfdb/44040
6ecd0b42-ce77-11dc-89b1-000e35248ad7 libxine -- buffer overflow vulnerability

xine project reports:

A new xine-lib version is now available. This release contains a security fix (remotely-exploitable buffer overflow, CVE-2006-1664). (This is not the first time that that bug has been fixed...) It also fixes a few more recent bugs, such as the audio output problems in 1.1.9.


Discovery 2008-01-23
Entry 2008-01-29
libxine
< 1.1.10

CVE-2006-1664
http://secunia.com/advisories/19853/