Debian Kodi vulnerabilities

CVE-2023-30207 [MEDIUM] CVE-2023-30207: kodi - A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier... A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file. Scope: local bookworm: resolved (fixed in 2:20.0~rc2+dfsg-2) bullseye: resolved (fixed in 2:19.1+dfsg2-2+deb11u2) sid: resolved (fixed in 2:20.0~rc2+dfsg-2) trixie: resolved (fixed in 2:20.0~rc2+dfsg-2)

CVE-2023-23082 [MEDIUM] CVE-2023-23082: kodi - A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 al... A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. Scope: local bookworm: resolved (fixed in 2:20.0+dfsg-2) bullseye: resolved (fixed in 2:19.1+dfsg2-2+deb11u2) sid: resolved (fixed in 2:20.0+dfsg-2) trixie: resolved (fixed in

CVE-2021-42917 [MEDIUM] CVE-2021-42917: kodi - Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause... Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream. Scope: local bookworm: resolved (fixed in 2:19.3+dfsg1-1) bullseye: resolved (fixed in 2:19.1+dfsg2-2+deb11u1) sid: resolved (fixed in 2:19.3+dfsg1-1) trixie: resolved (fixed in 2:19.3+dfsg1-1)

CVE-2018-8831 [MEDIUM] CVE-2018-8831: kodi - A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that ... A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist. Scope: local bookworm: resolved bullseye: resolved sid: resolved trixie: resolved

CVE-2017-5982 [HIGH] CVE-2017-5982: kodi - Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows re... Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd. Scope: local bookworm: resolved (fixed in 2:18.6+dfsg1-1) bullseye: resolved (fixed in 2:18.6+dfsg1-1) sid: resolved (fixed in

CVE-2017-8314 [MEDIUM] CVE-2017-8314: kodi - Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier... Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. Scope: local bookworm: resolved (fixed in 2:17.1+dfsg1-3) bullseye: resolved (fixed in 2:17.1+dfsg1-3) sid: resolved (fixed in 2:17.1+dfsg1-3) trixie: resolved (fixed in 2:17.1+dfsg1-3)

CVE-2015-8367 [CRITICAL] CVE-2015-8367: darktable - The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause... The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. Scope: local bookworm: resolved (fixed in 2.0.0-1) bullseye: resolved (fixed in 2.0.0-1) forky: resolved (fixed in 2.0.0-1) sid: resolved (fixed in 2.0.0-1) trixie: resolved (fixed in 2.0.0-1

CVE-2015-8366 [CRITICAL] CVE-2015-8366: darktable - Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows... Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. Scope: local bookworm: resolved (fixed in 2.0.0-1) bullseye: resolved (fixed in 2.0.0-1) forky: resolved (fixed in 2.0.0-1) sid: resolved (fixed in 2.0.0-1) trixie:

CVE-2015-3885 [MEDIUM] CVE-2015-3885: darktable - Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows re... Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. Scope: local bookworm: resolved (fixed in 1.6.7-1) bullseye: resolved (fixed in 1.6.7-1) forky: resolved (fixed in 1.6.7-1) sid: resolved (fixed in 1.