CVE-2006-1664 - Vulnerability Details - OpenCVE

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xine	Xine-lib

Configuration 1 [-]

OR	cpe:2.3:a:xine:xine-lib:0.9.13:::::::*
	cpe:2.3:a:xine:xine-lib:1.0:::::::*
	cpe:2.3:a:xine:xine-lib:1.0.1:::::::*
	cpe:2.3:a:xine:xine-lib:1.0.2:::::::*
	cpe:2.3:a:xine:xine-lib:1.0.3a:::::::*
	cpe:2.3:a:xine:xine-lib:1.1.0:::::::*
	cpe:2.3:a:xine:xine-lib:1.1.1:::::::*

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=128838
http://secunia.com/advisories/19853
http://secunia.com/advisories/19856
http://secunia.com/advisories/28666
http://securitytracker.com/id?1015868
http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608
http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml
http://www.securityfocus.com/bid/17370
http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl
https://exchange.xforce.ibmcloud.com/vulnerabilities/25670
https://www.exploit-db.com/exploits/1641
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-04-07T10:00:00

Updated: 2024-08-07T17:19:49.082Z

Reserved: 2006-04-07T00:00:00

Link: CVE-2006-1664

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-04-07T10:04:00.000

Modified: 2024-11-21T00:09:25.873

Link: CVE-2006-1664

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19856", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19856"}, {"name": "28666", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28666"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"}, {"name": "xinelib-mpeg-bo(25670)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"}, {"name": "FEDORA-2008-1047", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"}, {"name": "FEDORA-2008-1043", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"}, {"name": "19853", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19853"}, {"name": "17370", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17370"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"}, {"name": "1015868", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015868"}, {"tags": ["x_refsource_MISC"], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608"}, {"name": "1641", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/1641"}, {"name": "GLSA-200604-16", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1664", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19856", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19856"}, {"name": "28666", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28666"}, {"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl", "refsource": "MISC", "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"}, {"name": "xinelib-mpeg-bo(25670)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"}, {"name": "FEDORA-2008-1047", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"}, {"name": "FEDORA-2008-1043", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"}, {"name": "19853", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19853"}, {"name": "17370", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17370"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=128838", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"}, {"name": "1015868", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015868"}, {"name": "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608", "refsource": "MISC", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608"}, {"name": "1641", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1641"}, {"name": "GLSA-200604-16", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:19:49.082Z"}, "title": "CVE Program Container", "references": [{"name": "19856", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19856"}, {"name": "28666", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28666"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"}, {"name": "xinelib-mpeg-bo(25670)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"}, {"name": "FEDORA-2008-1047", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"}, {"name": "FEDORA-2008-1043", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"}, {"name": "19853", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19853"}, {"name": "17370", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17370"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"}, {"name": "1015868", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015868"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608"}, {"name": "1641", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/1641"}, {"name": "GLSA-200604-16", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1664", "datePublished": "2006-04-07T10:00:00", "dateReserved": "2006-04-07T00:00:00", "dateUpdated": "2024-08-07T17:19:49.082Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55", "vulnerable": true}, {"criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*", "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189", "vulnerable": true}, {"criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825", "vulnerable": true}, {"criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream."}], "id": "CVE-2006-1664", "lastModified": "2024-11-21T00:09:25.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-07T10:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19853"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19856"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28666"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015868"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17370"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/1641"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=128838"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19853"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19856"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28666"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=571608"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-16.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17370"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/xinelib_poc.pl"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/1641"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00956.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00976.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}