xine - A Free Video Player - Security (XSA)
xine Security Announcements
===========================

As with any complex application that may handle data from various, possibly
untrusted, sources, a media player such as xine is a highly security-critical
piece of software:
people may be tempted to create content that causes the player to do things
that the user didn't want it to do. In the worst case, an attacker might
be able to exploit a bug to gain control over the whole machine that is
running such software.

While we are doing everything we can to avoid such bugs, there is still a
chance that more or less severe security issues arise. We address
those issues as soon as we become aware of them, usually by fixing the
security-relevant bug.

All known security bugs are listed in our xine Security Announcements, which
are regularly sent to the xine-announce mailing list and archived here.


Currently, we have:

  XSA-2004-1: xine-lib config MRL vulnerability
  XSA-2004-2: xine-ui "cfg:" MRL vulnerability
  XSA-2004-3: xine-lib RTSP input vulnerability
  XSA-2004-4: multiple string overflows in xine-lib
  XSA-2004-5: heap overflow in DVD subpicture decoder
  XSA-2004-6: multiple heap overflows in PNM and Real RTSP streaming clients
  XSA-2004-7: stack overflow in AIFF demultiplexer
  XSA-2004-8: multiple heap overflows in MMS and Real RTSP streaming clients
  XSA-2005-1: format string vulnerability in CDDB client