Description
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
Exploits (1)
References (9)
Core 9
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11433
Vendor Advisory x_refsource_confirm
http://www.xinehq.de/index.php/security/XSA-2004-1
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10193
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15939
Vendor Advisory vendor-advisory
x_refsource_slackware
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372791
Vendor Advisory x_refsource_confirm
http://www.xinehq.de/index.php/security/XSA-2004-2
Patch vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200404-20.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5739
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5594
Scores
EPSS
0.0255
EPSS Percentile
85.6%
Details
Status
published
Products (27)
xine/xine
0.9.8
xine/xine
0.9.13
xine/xine
1_beta1
xine/xine
1_beta2
xine/xine
1_beta3
xine/xine
1_beta4
xine/xine
1_beta5
xine/xine
1_beta6
xine/xine
1_beta7
xine/xine
1_beta8
... and 17 more
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026