Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1951 — Xine vulnerability

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

2.5%

top 14.50%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Xine Xine Xine-lib Xine Xine-ui

Timeline

PublishedDec 31

Latest updateApr 29

Description

xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDxine/xine20 versions+19

▶NVDxine/xine-ui0.9.21, 0.9.22, 0.9.23+2

▶NVDxine/xine-lib4 versions+3

Patches

Patch: security.gentoo.org ↗Patch: www.securityfocus.com ↗Patch: security.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-w95m-6gwv-7rhp: xine 1↗2022-04-29

▶

CVEList

CVE-2004-1951: xine 1↗2005-05-10

▶

OSV

CVE-2004-1951: xine 1↗2004-12-31

▶

💥Exploits & PoCs

Exploit-DB

Xine 0.9.x and Xine-Lib 1 - Multiple Remote File Overwrite Vulnerabilities↗2004-04-22

▶

📋Vendor Advisories

Debian

CVE-2004-1951: xine-ui - xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.2...↗2004

▶