Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1664Improper Restriction of Operations within the Bounds of a Memory Buffer in Xine-lib

5 documents5 sources
Severity
7.5HIGHNVD
EPSS
6.5%
top 8.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Xine Xine-lib
Timeline
PublishedApr 7
Latest updateMay 1

Description

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDxine/xine-lib7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-9wrh-g7c2-fv5f: Buffer overflow in xine_list_delete_current in libxine 12022-05-01
CVEList
CVE-2006-1664: Buffer overflow in xine_list_delete_current in libxine 12006-04-07

💥Exploits & PoCs

1
Exploit-DB
Libxine 1.14 - MPEG Stream Buffer Overflow (PoC)2006-04-04

📋Vendor Advisories

1
Debian
CVE-2006-1664: vlc - Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as dist...2006
CVE-2006-1664 — Xine Xine-lib vulnerability | cvebase