cbcvebase.

Debian Xine-Ui vulnerabilities

5 known vulnerabilities affecting debian/xine-ui.

Total CVEs
5
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
MEDIUM2LOW3

Vulnerabilities

Page 1 of 1
CVE-2006-1905P3LOWCVSS 7.5PoCfixed in xine-ui 0.99.4-1 (bookworm)2006
CVE-2006-1905 [HIGH] CVE-2006-1905: xine-ui - Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allo... Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. Scope: local bookworm: resolved (fixed in 0.99.4-1) bullseye: resolved (fixed in 0.99.4-1) forky: resolved (fixed in 0.99.4-1) sid: resolved (fixed in 0.99.4-
debian
CVE-2004-1951P4MEDIUMCVSS 5.0PoCfixed in xine-ui 0.99.1 (bookworm)2004
CVE-2004-1951 [MEDIUM] CVE-2004-1951: xine-ui - xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.2... xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. Scope: local bookworm: resolved (fixed in 0.99.1) bullseye: resolved (fixed in 0.99.1) forky: resolved (fixed in 0.99.1) sid: resolved (fixed in 0.99.1
debian
CVE-2006-2230P4MEDIUMCVSS 7.5PoCfixed in xine-ui 0.99.4-2 (bookworm)2006
CVE-2006-2230 [HIGH] CVE-2006-2230: xine-ui - Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 migh... Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-se
debian
CVE-2007-0254P3LOWCVSS 10.0fixed in xine-ui 0.99.4+dfsg+cvs20061111-1 (bookworm)2007
CVE-2007-0254 [CRITICAL] CVE-2007-0254: xine-ui - Format string vulnerability in the errors_create_window function in errors.c in ... Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. Scope: local bookworm: resolved (fixed in 0.99.4+dfsg+cvs20061111-1) bullseye: resolved (fixed in 0.99.4+dfsg+cvs20061111-1) forky: resolved (fixed in 0.99.4+dfsg+cvs20061111-1) sid: resolved (fixed in 0.99.4+dfsg+
debian
CVE-2004-0372P4LOWCVSS 2.1fixed in xine-ui 0.99.1-1 (bookworm)2004
CVE-2004-0372 [LOW] CVE-2004-0372: xine-ui - xine allows local users to overwrite arbitrary files via a symlink attack on a b... xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts. Scope: local bookworm: resolved (fixed in 0.99.1-1) bullseye: resolved (fixed in 0.99.1-1) forky: resolved (fixed in 0.99.1-1) sid: resolved (fixed in 0.99.1-1) trixie: resolved (fixed in 0.99.1-1)
debian
Debian Xine-Ui vulnerabilities | cvebase